DescriptionHeap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
|National Vulnerability Database|
- SUSE-SR:2008:018, published Fri, 19 Sep 2008 16:00:00 +0000