CVE-2010-4008 – libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
https://notcve.org/view.php?id=CVE-2010-4008
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. libxml2 anterior v2.7.8, como el usado en Google Chrome anterior v7.0.517.44, Apple Safari v5.0.2 y anteriores, otros productos, ree desde localizaciones de memoria inválidas durante el procesado de expresiones XPath malformadas, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) a través de un documento XML. • http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari http://code.google.com/p/chromium/issues/detail?id=58731 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2009-2414 – mingw32-libxml2: Stack overflow by parsing root XML element DTD definition
https://notcve.org/view.php?id=CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. Vulnerabilidad de agotamiento de pila en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una declaración de elementos en una DTD, relacionada con la recursión de función, como se demostro en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •
CVE-2008-4409 – libxml2 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-4409
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. libxml2 v2.7.0 y v2.7.1 no maneja apropiadamente "definiciones de entidades predefinidas" en entidades, lo cual permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de memoria y caída de aplicación), como lo demostrado por la utilización de xmllint en un determinado documento XML, una vulnerabilidad diferente a CVE-2003-1564 y CVE-2008-3281. • https://www.exploit-db.com/exploits/32454 http://bugzilla.gnome.org/show_bug.cgi?id=554660 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://openwall.com/lists/oss-security/2008/10/02/4 http://secunia.com/advisories/32130 http://secunia.com/advisories/32175 http://secunia.com/advisories/32974 http://secunia.com/advisories/35379 http://security.gentoo.org/glsa/glsa-20081 • CWE-399: Resource Management Errors •
CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
https://notcve.org/view.php?id=CVE-2008-3529
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su elección al utilizar un nombre largo de entidad XML. • https://www.exploit-db.com/exploits/8798 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31855 http://secunia.com/advisories/31860 http://secunia.com/advisories/31868 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •