CVE-2009-2416

mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-07-09 CVE Reserved
2009-08-11 CVE Published
2024-02-03 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (37)

URL	Tag	Source
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html	Release Notes
http://secunia.com/advisories/35036	Broken Link
http://secunia.com/advisories/36207	Broken Link
http://secunia.com/advisories/36338	Broken Link
http://secunia.com/advisories/36417	Broken Link
http://secunia.com/advisories/36631	Broken Link
http://secunia.com/advisories/37346	Broken Link
http://secunia.com/advisories/37471	Broken Link
http://support.apple.com/kb/HT3937	Third Party Advisory
http://support.apple.com/kb/HT3949	Third Party Advisory
http://support.apple.com/kb/HT4225	Third Party Advisory
http://www.cert.fi/en/reports/2009/vulnerability2009085.html	Broken Link
http://www.codenomicon.com/labs/xml	Broken Link
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html	Broken Link
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html	Third Party Advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded	Broken Link
http://www.securityfocus.com/bid/36010	Broken Link
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/2420	Broken Link
http://www.vupen.com/english/advisories/2009/3184	Broken Link
http://www.vupen.com/english/advisories/2009/3217	Broken Link
http://www.vupen.com/english/advisories/2009/3316	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262	Broken Link

URL	Date	SRC

URL	Date	SRC
http://www.debian.org/security/2009/dsa-1859	2024-02-02
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html	2024-02-02
https://bugzilla.redhat.com/show_bug.cgi?id=515205	2009-08-10
https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59	2024-02-02

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	2024-02-02
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html	2024-02-02
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	2024-02-02
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html	2024-02-02
http://www.ubuntu.com/usn/USN-815-1	2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html	2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html	2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html	2024-02-02
https://access.redhat.com/security/cve/CVE-2009-2416	2009-08-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xmlsoft Search vendor "Xmlsoft"		Libxml Search vendor "Xmlsoft" for product "Libxml"				1.8.17 Search vendor "Xmlsoft" for product "Libxml" and version "1.8.17"		-		Affected
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				2.5.10 Search vendor "Xmlsoft" for product "Libxml2" and version "2.5.10"		-		Affected
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				2.6.16 Search vendor "Xmlsoft" for product "Libxml2" and version "2.6.16"		-		Affected
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				2.6.26 Search vendor "Xmlsoft" for product "Libxml2" and version "2.6.26"		-		Affected
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				2.6.27 Search vendor "Xmlsoft" for product "Libxml2" and version "2.6.27"		-		Affected
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				2.6.32 Search vendor "Xmlsoft" for product "Libxml2" and version "2.6.32"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				10 Search vendor "Fedoraproject" for product "Fedora" and version "10"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				11 Search vendor "Fedoraproject" for product "Fedora" and version "11"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				4.0 Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Google Search vendor "Google"		Chrome Search vendor "Google" for product "Chrome"				< 2.0.172.43 Search vendor "Google" for product "Chrome" and version " < 2.0.172.43"		-		Affected
Apple Search vendor "Apple"		Safari Search vendor "Apple" for product "Safari"				< 4.0.4 Search vendor "Apple" for product "Safari" and version " < 4.0.4"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				>= 2.0 < 4.0 Search vendor "Apple" for product "Iphone Os" and version " >= 2.0 < 4.0"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.4.11 Search vendor "Apple" for product "Mac Os X" and version " < 10.4.11"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				>= 10.5.0 < 10.5.8 Search vendor "Apple" for product "Mac Os X" and version " >= 10.5.0 < 10.5.8"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				>= 10.6.0 < 10.6.2 Search vendor "Apple" for product "Mac Os X" and version " >= 10.6.0 < 10.6.2"		-		Affected
Apple Search vendor "Apple"		Mac Os X Server Search vendor "Apple" for product "Mac Os X Server"				< 10.4.11 Search vendor "Apple" for product "Mac Os X Server" and version " < 10.4.11"		-		Affected
Apple Search vendor "Apple"		Mac Os X Server Search vendor "Apple" for product "Mac Os X Server"				>= 10.5.0 < 10.5.8 Search vendor "Apple" for product "Mac Os X Server" and version " >= 10.5.0 < 10.5.8"		-		Affected
Apple Search vendor "Apple"		Mac Os X Server Search vendor "Apple" for product "Mac Os X Server"				>= 10.6.0 < 10.6.2 Search vendor "Apple" for product "Mac Os X Server" and version " >= 10.6.0 < 10.6.2"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				>= 10.3 <= 11.1 Search vendor "Opensuse" for product "Opensuse" and version " >= 10.3 <= 11.1"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				10.0 Search vendor "Suse" for product "Linux Enterprise" and version "10.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9"		-		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				4.0 Search vendor "Vmware" for product "Vcenter Server" and version "4.0"		-		Affected
Vmware Search vendor "Vmware"		Vma Search vendor "Vmware" for product "Vma"				4.0 Search vendor "Vmware" for product "Vma" and version "4.0"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				3.0.3 Search vendor "Vmware" for product "Esx" and version "3.0.3"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				3.5 Search vendor "Vmware" for product "Esx" and version "3.5"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				4.0 Search vendor "Vmware" for product "Esx" and version "4.0"		-		Affected
Vmware Search vendor "Vmware"		Esxi Search vendor "Vmware" for product "Esxi"				3.5 Search vendor "Vmware" for product "Esxi" and version "3.5"		-		Affected
Vmware Search vendor "Vmware"		Esxi Search vendor "Vmware" for product "Esxi"				4.0 Search vendor "Vmware" for product "Esxi" and version "4.0"		-		Affected
Sun Search vendor "Sun"		Openoffice.org Search vendor "Sun" for product "Openoffice.org"				>= 2.0.0 < 2.4.3 Search vendor "Sun" for product "Openoffice.org" and version " >= 2.0.0 < 2.4.3"		-		Affected
Sun Search vendor "Sun"		Openoffice.org Search vendor "Sun" for product "Openoffice.org"				>= 3.0.0 < 3.1.1 Search vendor "Sun" for product "Openoffice.org" and version " >= 3.0.0 < 3.1.1"		-		Affected