FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 -- lack of end-of-document check DoS

Affected packages
libxml2 < 2.9.1
linux-c6-libxml2 < 2.7.6_2
* <= linux-f10-libxml2

Details

VuXML ID: e7bb3885-da40-11e3-9ecb-2c4138874f7d
Discovery: 2013-04-11
Entry: 2013-07-10
Modified: 2015-07-15

CVE MITRE reports:

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

References

CVE Name: CVE-2013-2877
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
URL: https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877
URL: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877