Lucene search

Veracode Vulnerability DatabaseVERACODE:14449

HistoryMay 02, 2019 - 4:52 a.m.

Heap-Based Buffer Overflow

2019-05-0204:52:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

mingw32-libxml2 is vulnerable to a heap-based buffer overflow. Due to a flaw in libxml2 which decods entity references with long names, it allows an attacker to provide a malicious XML file, causing an application crash and arbitrary code execution.

CPENameOperatorVersion
mingw32-libxml2eq2.7.6__3.el6
mingw32-libxml2eq2.7.6__2.el6
libxml2eq2.6.26__2.1.2.8.el5_5.1
libxml2eq2.7.6__1.el6

Name	Operator	Version
mingw32-libxml2	eq	2.7.6__3.el6
mingw32-libxml2	eq	2.7.6__2.el6
libxml2	eq	2.6.26__2.1.2.8.el5_5.1
libxml2	eq	2.7.6__1.el6

References

code.google.com/p/chromium/issues/detail?id=107128

googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

rhn.redhat.com/errata/RHSA-2013-0217.html

secunia.com/advisories/47449

secunia.com/advisories/55568

support.apple.com/kb/HT5281

support.apple.com/kb/HT5503

www.debian.org/security/2012/dsa-2394

www.mandriva.com/security/advisories?name=MDVSA-2012:005

www.securityfocus.com/bid/51300

www.securitytracker.com/id?1026487

access.redhat.com/security/updates/classification/#important

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504

rhn.redhat.com/errata/RHSA-2013-0217.html

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:14449