CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Libxml2 is vulnerable to denial of service (DoS). The attack is possible because of a heap-based buffer overflow in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
code.google.com/p/chromium/issues/detail?id=129930
googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
secunia.com/advisories/50658
secunia.com/advisories/50800
secunia.com/advisories/54886
secunia.com/advisories/55568
support.apple.com/kb/HT5934
support.apple.com/kb/HT6001
www.debian.org/security/2012/dsa-2521
www.mandriva.com/security/advisories?name=MDVSA-2012:126
www.mandriva.com/security/advisories?name=MDVSA-2013:056
www.securityfocus.com/bid/54718
www.ubuntu.com/usn/USN-1587-1
access.redhat.com/security/updates/classification/#moderate
hermes.opensuse.org/messages/15075728
hermes.opensuse.org/messages/15375990
rhn.redhat.com/errata/RHSA-2012-1288.html