CVE-2007-6284

Published: 12 January 2008

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Priority

Medium

Status

Package: libxml2 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Needs triage

Notes

Author: jdstrand
Note: private reproducer and patch on vendor-sec. DoS, but widely used

References