CVE-2013-1969
Published: 25 April 2013
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
Notes
| Author | Note |
|---|---|
| mdeslaur | only seems to affect 2.9.0+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libxml2 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Released
(2.9.0+dfsg1-4ubuntu4.1)
|
|
| upstream |
Needed
|
|
|
Patches: upstream: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f |
||