2011-09-02 18:55:03 2016-06-17 03:59:08

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

XMLSoft Libxml2 2.7.8
XMLSoft Libxml2 2.7.5
XMLSoft Libxml2 2.7.6
XMLSoft Libxml2 2.7.3
XMLSoft Libxml2 2.7.4
Xmlsoft Libxml 1.5.0 (not an official CPE)
XMLSoft Libxml2 2.6.18
XMLSoft Libxml2 2.6.17
Xmlsoft Libxml 1.8.5 (not an official CPE)
Xmlsoft Libxml 1.8.6 (not an official CPE)
Xmlsoft Libxml 1.8.3 (not an official CPE)
Xmlsoft Libxml 1.8.4 (not an official CPE)
Xmlsoft Libxml 1.8.9 (not an official CPE)
XMLSoft Libxml2 2.6.12
XMLSoft Libxml2 2.6.11
Xmlsoft Libxml 1.8.7 (not an official CPE)
Xmlsoft Libxml 1.8.8 (not an official CPE)
XMLSoft Libxml2 2.6.14
XMLSoft Libxml2 2.6.13
Xmlsoft Libxml 1.8.1 (not an official CPE)
Xmlsoft Libxml 1.8.2 (not an official CPE)
Xmlsoft Libxml 1.6.1 (not an official CPE)
Xmlsoft Libxml 1.6.2 (not an official CPE)
Xmlsoft Libxml 1.8.0 (not an official CPE)
XMLSoft Libxml2 2.7.1
XMLSoft Libxml2 2.7.2
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml 1.8.16 (not an official CPE)
XMLSoft Libxml2 2.7.0
XMLSoft Libxml2 2.6.8
XMLSoft Libxml2 2.6.9
Xmlsoft Libxml 1.8.11 (not an official CPE)
XMLSoft Libxml2 2.6.6
Xmlsoft Libxml 1.8.10 (not an official CPE)
XMLSoft Libxml2 2.6.7
Xmlsoft Libxml 1.8.13 (not an official CPE)
XMLSoft Libxml2 2.6.4
Xmlsoft Libxml 1.8.12 (not an official CPE)
XMLSoft Libxml2 2.6.5
XMLSoft Libxml2 2.6.22
Xmlsoft Libxml 1.8.15 (not an official CPE)
Xmlsoft Libxml 1.8.14 (not an official CPE)
XMLSoft Libxml2 2.6.20
Xmlsoft Libxml 1.6.0 (not an official CPE)
XMLSoft Libxml2 2.6.27
XMLSoft Libxml2 2.6.26
XMLSoft Libxml2 2.7.7
XMLSoft Libxml2 2.6.1
XMLSoft Libxml2 2.6.0
XMLSoft Libxml2 2.6.3
XMLSoft Libxml2 2.6.2
Xmlsoft Libxml 1.7.1 (not an official CPE)
Xmlsoft Libxml 1.7.0 (not an official CPE)
Xmlsoft Libxml 1.7.3 (not an official CPE)
Xmlsoft Libxml 1.7.2 (not an official CPE)
XMLSoft Libxml2 2.6.32
Xmlsoft Libxml 1.7.4 (not an official CPE)
XMLSoft Libxml2 2.6.30