Lucene search

K

Gentoo FoundationGLSA-201207-02

HistoryJul 09, 2012 - 12:00 a.m.

libxml2: User-assisted execution of arbitrary code

2012-07-0900:00:00

Gentoo Foundation

security.gentoo.org

12

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.046 Low

EPSS

Percentile

92.4%

Background

libxml2 is the XML C parser and toolkit developed for the Gnome project.

Description

The “xmlXPtrEvalXPtrPart()” function in xpointer.c contains an off-by-one error.

Impact

A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in execution of arbitrary code or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libxml2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.8.0_rc1"

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/libxml2< 2.8.0_rc1UNKNOWN

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.046 Low

EPSS

Percentile

92.4%

Related for GLSA-201207-02

openvas39 securityvulns8 debian1 nessus35 ubuntucve1 cve1 veracode1 prion1 ubuntu1 debiancve1 redhat4 amazon1 freebsd1 centos2 oraclelinux3 suse3 fedora2 vmware2 threatpost1 chrome1