Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201311-06
HistoryNov 10, 2013 - 12:00 a.m.

libxml2: Multiple vulnerabilities

2013-11-1000:00:00
Gentoo Foundation
security.gentoo.org
25

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.09 Low

EPSS

Percentile

94.5%

JSON

Background

libxml2 is the XML C parser and toolkit developed for the Gnome project.

Description

Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted document with an application linked against libxml2, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libxml2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/libxml2< 2.9.1-r1UNKNOWN

Related

openvas 50
nessus 49
prion 11
cve 10
oraclelinux 3
suse 5
debiancve 8
veracode 6
securityvulns 10
ubuntu 7
ubuntucve 8
amazon 3
centos 3
vmware 2
debian 4
redhat 6
mageia 1
osv 3
slackware 1
freebsd 2
thn 1
github 1
gentoo 1
ibm 3
android 1
openvas
openvas
Gentoo Security Advisory GLSA 201311-06
2015-09-29 00:00:00
Junos Multiple xml2 Vulnerabilities
2015-01-23 00:00:00
Ubuntu Update for libxml2 USN-1817-1
2013-05-09 00:00:00
nessus
nessus
GLSA-201311-06 : libxml2: Multiple vulnerabilities
2013-11-11 00:00:00
Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)
2015-01-23 00:00:00
Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:198)
2013-07-25 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 18:59:00
Buffer overflow
2013-04-25 23:55:00
Design/Logic Flaw
2013-04-25 23:55:00
cve
cve
CVE-2015-0386
2015-01-21 18:59:00
CVE-2013-1969
2013-04-25 23:55:00
CVE-2013-0338
2013-04-25 23:55:00
oraclelinux
oraclelinux
libxml2 security update
2013-02-28 00:00:00
libxml2 security update
2012-11-29 00:00:00
libxml2 security update
2014-05-19 00:00:00
suse
suse
Security update for libxml2 (important)
2013-11-04 18:04:12
Security update for libxml2 (important)
2013-11-04 17:04:12
libxml2: fixed buffer overflow during decoding entities (important)
2012-12-17 12:08:33
debiancve
debiancve
CVE-2013-1969
2013-04-25 23:55:00
CVE-2012-5134
2012-11-28 01:55:00
CVE-2013-2877
2013-07-10 10:55:00
veracode
veracode
Denial Of Service (DoS)
2018-07-25 06:30:41
Remote Code Execution (RCE)
2019-01-15 08:50:59
Denial Of Service (DoS)
2019-01-15 08:58:46
securityvulns
securityvulns
libxml security vulnerabilities
2013-05-09 00:00:00
libxml2 buffer overflow
2012-12-06 00:00:00
[USN-1817-1] libxml2 vulnerability
2013-05-09 00:00:00
ubuntu
ubuntu
libxml2 vulnerability
2013-05-07 00:00:00
libxml2 vulnerability
2013-03-28 00:00:00
Libxml2 vulnerability
2012-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2013-0338
2013-02-26 00:00:00
CVE-2013-1969
2013-04-25 00:00:00
CVE-2012-5134
2012-11-27 00:00:00
amazon
amazon
Medium: libxml2
2013-05-13 10:28:00
Important: libxml2
2012-12-06 21:22:00
Low: libxml2
2014-05-21 10:29:00
centos
centos
libxml2 security update
2013-03-01 00:45:13
libxml2 security update
2012-11-29 20:24:03
libxml2 security update
2014-05-19 13:08:11
vmware
vmware
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
debian
debian
[SECURITY] [DSA 2779-1] libxml2 security update
2013-10-13 21:02:25
[SECURITY] [DSA 2580-1] libxml security update
2012-12-02 20:54:41
[SECURITY] [DSA 2779-1] libxml2 security update
2013-10-13 21:02:25
redhat
redhat
(RHSA-2012:1512) Important: libxml2 security update
2012-11-29 00:00:00
(RHSA-2013:0581) Moderate: libxml2 security update
2013-02-28 00:00:00
(RHSA-2014:0513) Moderate: libxml2 security update
2014-05-19 00:00:00
mageia
mageia
Updated libxml2 packages fix CVE-2013-2877
2013-07-21 12:41:56
osv
osv
libxml2 - buffer overflow
2012-12-02 00:00:00
OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
2022-05-17 04:58:58
libxslt - several
2012-10-05 00:00:00
slackware
slackware
[slackware-security] libxml2
2012-12-07 03:51:19
freebsd
freebsd
libxml2 -- lack of end-of-document check DoS
2013-04-11 00:00:00
libxml2 -- cpu consumption Dos
2013-02-21 00:00:00
thn
thn
RCSAndroid — Advanced Android Hacking Tool Leaked Online
2015-07-24 02:52:00
github
github
OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
2022-05-17 04:58:58
gentoo
gentoo
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect System Networking Products (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660)
2019-01-31 01:55:01
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by libxml2 vulnerabilities (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660)
2019-01-31 01:45:01
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manger (FSM) (CVE-2013-2877, CVE-2014-0191, CVE-2014-3660)
2019-01-31 02:10:01
android
android
Android Browser Exploit WebKit
2011-02-22 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.09 Low

EPSS

Percentile

94.5%

JSON
Related for GLSA-201311-06
openvas50nessus49prion11cve10oraclelinux3suse5debiancve8veracode6securityvulns10ubuntu7ubuntucve8amazon3centos3vmware2debian4redhat6mageia1osv3slackware1freebsd2thn1github1gentoo1ibm3android1