CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
86.2%
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other
versions might allow context-dependent attackers to cause a denial of
service (crash) and possibly execute arbitrary code via vectors related to
the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a
buffer overflow in the xmlBufGetInputBase function.
Author | Note |
---|---|
mdeslaur | only seems to affect 2.9.0+ |