
CVE-2013-2877

Published: 10 July 2013

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Notes

Author: jdstrand
Note: Mitre description uses the wrong version. Fix not until 2.9.1

Priority

Medium

Status

Package: chromium-browser (Launchpad, Ubuntu, Debian)

  Release   Status
  lucid     Ignored (reached end-of-life)
  precise   Released (28.0.1500.71-0ubuntu1.12.04.1)
  quantal   Released (28.0.1500.71-0ubuntu1.12.10.1)
  raring    Released (28.0.1500.71-0ubuntu1.13.04.1)
  upstream  Released (28.0.1500.71)

Package: libxml2 (Launchpad, Ubuntu, Debian)

  Release   Status
  lucid     Released (2.7.6.dfsg-1ubuntu1.9)
  precise   Released (2.7.8.dfsg-5.1ubuntu4.5)
  quantal   Released (2.8.0+dfsg1-5ubuntu2.3)
  raring    Released (2.9.0+dfsg1-4ubuntu4.2)
  upstream  Released (2.9.1+dfsg1-2)

  Patches:
  upstream: https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50 (backport)
  upstream: https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
  upstream: https://git.gnome.org/browse/libxml2/commit/?id=9ca816b3a64e7b1bada7baa2cbc09e8937b38215