CVE-2013-2877

2013-07-1000:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.046 Low

EPSS

Percentile

92.4%

JSON

parser.c in libxml2 before 2.9.0, as used in Google Chrome before
28.0.1500.71 and other products, allows remote attackers to cause a denial
of service (out-of-bounds read) via a document that ends abruptly, related
to the lack of certain checks for the XML_PARSER_EOF state.

Bugs

Notes

Author	Note
jdstrand	Mitre description uses the wrong version. Fix not until 2.9.1

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchchromium-browser< 28.0.1500.71-0ubuntu1.12.04.1UNKNOWN
ubuntu12.10noarchchromium-browser< 28.0.1500.71-0ubuntu1.12.10.1UNKNOWN
ubuntu13.04noarchchromium-browser< 28.0.1500.71-0ubuntu1.13.04.1UNKNOWN
ubuntu10.04noarchlibxml2< 2.7.6.dfsg-1ubuntu1.9UNKNOWN
ubuntu12.04noarchlibxml2< 2.7.8.dfsg-5.1ubuntu4.5UNKNOWN
ubuntu12.10noarchlibxml2< 2.8.0+dfsg1-5ubuntu2.3UNKNOWN
ubuntu13.04noarchlibxml2< 2.9.0+dfsg1-4ubuntu4.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	chromium-browser	< 28.0.1500.71-0ubuntu1.12.04.1	UNKNOWN
ubuntu	12.10	noarch	chromium-browser	< 28.0.1500.71-0ubuntu1.12.10.1	UNKNOWN
ubuntu	13.04	noarch	chromium-browser	< 28.0.1500.71-0ubuntu1.13.04.1	UNKNOWN
ubuntu	10.04	noarch	libxml2	< 2.7.6.dfsg-1ubuntu1.9	UNKNOWN
ubuntu	12.04	noarch	libxml2	< 2.7.8.dfsg-5.1ubuntu4.5	UNKNOWN
ubuntu	12.10	noarch	libxml2	< 2.8.0+dfsg1-5ubuntu2.3	UNKNOWN
ubuntu	13.04	noarch	libxml2	< 2.9.0+dfsg1-4ubuntu4.2	UNKNOWN