Description
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Note from the SUSE Security Team
This security issue only affects libxml 2.9.0 or newer, so libxml2 versions on SUSE Linux Enterprise 11 (2.7.6) or older products are not affected.
SUSE Bugzilla entry: 815665
SUSE Security Advisories:
- openSUSE-SU-2013:0729-1, published Tue, 30 Apr 2013 17:05:13 +0200 (CEST)
- openSUSE-SU-2013:0945-1, published Mon, 10 Jun 2013 18:13:25 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
| openSUSE 12.3 | | Patchnames: |