CVE-2013-1969
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
Múltiples vulnerabilidades de uso después de liberación en libxml2 v2.9.0 y posiblemente otras versiones podrían permitir a atacantes dependientes de contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con el (1) htmlParseChunk y (2) xmldecl_done funciones, como se demuestra por un desbordamiento de búfer en la función xmlBufGetInputBase.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-02-19 CVE Reserved
- 2013-04-25 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/04/17/4 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/04/19/1 | Mailing List |
|
| https://bugzilla.gnome.org/show_bug.cgi?id=690202 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html | 2013-06-21 | |
| http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html | 2013-06-21 | |
| http://secunia.com/advisories/53061 | 2013-06-21 | |
| http://www.ubuntu.com/usn/USN-1817-1 | 2013-06-21 |