CVE-2013-1969
Published: 25 April 2013
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
Notes
Author | Note |
---|---|
mdeslaur | only seems to affect 2.9.0+ |
Priority
Status
Package | Release | Status |
---|---|---|
libxml2 Launchpad, Ubuntu, Debian |
upstream |
Needed
|
hardy |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Released
(2.9.0+dfsg1-4ubuntu4.1)
|
|
Patches: upstream: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f |