CVE-2011-1944
Publication date 6 June 2011
Last updated 24 July 2024
Ubuntu priority
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Status
Package | Ubuntu Release | Status |
---|---|---|
libxml2 | 11.04 natty |
Fixed 2.7.8.dfsg-2ubuntu0.1
|
10.10 maverick |
Fixed 2.7.7.dfsg-4ubuntu0.2
|
|
10.04 LTS lucid |
Fixed 2.7.6.dfsg-1ubuntu1.2
|
|
8.04 LTS hardy |
Fixed 2.6.31.dfsg-2ubuntu1.6
|
References
Related Ubuntu Security Notices (USN)
- USN-1153-1
- libxml2 vulnerability
- 16 June 2011