libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

🗓️ 31 Jan 2013 19:14:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

libxml2 heap-buffer-underflow in xmlParseAttValueComplex enables denial of service.

Reporter	Title	Published	Views	Family All 150
FreeBSD	chromium -- multiple vulnerabilities	26 Nov 201200:00	–	freebsd
Tenable Nessus	Google Chrome < 23.0.1271.91 Multiple Vulnerabilities	29 Nov 201200:00	–	nessus
Tenable Nessus	iTunes for Windows < 11.1.4 Multiple Vulnerabilities	30 Jan 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxml2 (ALAS-2012-143)	4 Sep 201300:00	–	nessus
Tenable Nessus	Apple TV < 6.0 Multiple Vulnerabilities	1 Oct 201300:00	–	nessus
Tenable Nessus	Apple iOS < 7 Multiple Vulnerabilities	19 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : libxml2 (CESA-2012:1512)	30 Nov 201200:00	–	nessus
Tenable Nessus	CentOS 6 : mingw32-libxml2 (CESA-2013:0217)	1 Feb 201300:00	–	nessus
Tenable Nessus	Debian DSA-2580-1 : libxml2 - buffer overflow	3 Dec 201200:00	–	nessus
Tenable Nessus	FreeBSD : chromium -- multiple vulnerabilities (4d64fc61-3878-11e2-a4eb-00262d5ed8ee)	28 Nov 201200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	any	mingw32-libxml2	0:2.7.6-6.el6_3	mingw32-libxml2-0:2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux	6	any	mingw32-libxml2-debuginfo	0:2.7.6-6.el6_3	mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux	6	any	mingw32-libxml2-static	0:2.7.6-6.el6_3	mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2012-5134
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-5134
cve	www.cve.org/CVERecord

28 Jan 2026 22:51Current

7.9High risk

Vulners AI Score7.9

CVSS 26.8

EPSS0.02065

libxml2 heap buffer underflow xmlParseAttValueComplex denial of service remote code execution crafted entities