7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
libxml2.so is vulnerable to denial of service (DoS). The vulnerability exists due to the use-after-free errors occurring through the htmlParseChunk
and xmldecl_done
functions.
CPE | Name | Operator | Version |
---|---|---|---|
libxml2.so | le | 2.9.0 | |
libxml2.so | le | 2.9.0 |
lists.opensuse.org/opensuse-updates/2013-04/msg00109.html
lists.opensuse.org/opensuse-updates/2013-06/msg00081.html
secunia.com/advisories/53061
www.openwall.com/lists/oss-security/2013/04/17/4
www.openwall.com/lists/oss-security/2013/04/19/1
www.ubuntu.com/usn/USN-1817-1
bugzilla.gnome.org/show_bug.cgi?id=690202
git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS#L1373
gitlab.gnome.org/GNOME/libxml2/commit/de0cc20c29cb3f056062925395e0f68d2250a46f