CVE-2012-2871 – libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
https://notcve.org/view.php?id=CVE-2012-2871
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. libxml2 v2.9.0-rc1 y anteriores, tal como se utiliza en Google Chrome antes de v21.0.1180.89, no admite correctamente un conversión de una variable no especificada durante la manipulación de las transformaciones XSL, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto desconocido a través de un documento diseñado para tal fin. Se trata de un problema relacionado con la estructura de datos _xmlNs en include/libxml/tree.h. • http://code.google.com/p/chromium/issues/detail?id=138673 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://secunia.com/advisories/50838 http://secunia.com/advisories/54886 http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libx • CWE-122: Heap-based Buffer Overflow •
CVE-2012-0841 – libxml2: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0841
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. libxml2 v2.8.0 y anteriores calcula los valores de hash sin restringir la capacidad de provocar colisiones hash predecibles, lo que permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU) a través datos XML modificados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846 http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2012-0324.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://secunia.com/advisories/54 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVE-2011-1944 – libxmlInvalid 2.7.x - XPath Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-1944
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. Desbordamiento de entero en xpath.c en libxml2 v2.6.x hasta v2.6.32 y v2.7.x hasta v2.7.8, y libxml v1.8.16 y anteriores, permite a atacantes dependientes del contexto, provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un archivo XML modificado que provoca un desbordamiento de buffer basado en memoria dinámica cuando se añade un nuevo espacio de nombres al nodo, relacionado con la manipulación de expresiones XPath. • https://www.exploit-db.com/exploits/35810 http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html http:/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2010-4494 – libxml2: double-free in XPath processing code
https://notcve.org/view.php?id=CVE-2010-4494
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Vulnerabilidad de liberación doble en libxml2 2.7.8 y otras versiones, tal como se utiliza en Google Chrome en versiones anteriores a 8.0.552.215 y otros productos, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con el manejo de XPath. • http://code.google.com/p/chromium/issues/detail?id=63444 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-Ma • CWE-415: Double Free •
CVE-2010-4008 – libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
https://notcve.org/view.php?id=CVE-2010-4008
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. libxml2 anterior v2.7.8, como el usado en Google Chrome anterior v7.0.517.44, Apple Safari v5.0.2 y anteriores, otros productos, ree desde localizaciones de memoria inválidas durante el procesado de expresiones XPath malformadas, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) a través de un documento XML. • http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari http://code.google.com/p/chromium/issues/detail?id=58731 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •