ID CVE-2012-2807
Summary Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
References
Vulnerable Configurations
  • Google Chrome 20.0.1132.14
    cpe:2.3:a:google:chrome:20.0.1132.14
  • Google Chrome 20.0.1132.15
    cpe:2.3:a:google:chrome:20.0.1132.15
  • Google Chrome 20.0.1132.12
    cpe:2.3:a:google:chrome:20.0.1132.12
  • Google Chrome 20.0.1132.13
    cpe:2.3:a:google:chrome:20.0.1132.13
  • Google Chrome 20.0.1132.20
    cpe:2.3:a:google:chrome:20.0.1132.20
  • Google Chrome 20.0.1132.16
    cpe:2.3:a:google:chrome:20.0.1132.16
  • Google Chrome 20.0.1132.17
    cpe:2.3:a:google:chrome:20.0.1132.17
  • Google Chrome 20.0.1132.6
    cpe:2.3:a:google:chrome:20.0.1132.6
  • Google Chrome 20.0.1132.7
    cpe:2.3:a:google:chrome:20.0.1132.7
  • Google Chrome 20.0.1132.4
    cpe:2.3:a:google:chrome:20.0.1132.4
  • Google Chrome 20.0.1132.5
    cpe:2.3:a:google:chrome:20.0.1132.5
  • Google Chrome 20.0.1132.10
    cpe:2.3:a:google:chrome:20.0.1132.10
  • Google Chrome 20.0.1132.11
    cpe:2.3:a:google:chrome:20.0.1132.11
  • Google Chrome 20.0.1132.8
    cpe:2.3:a:google:chrome:20.0.1132.8
  • Google Chrome 20.0.1132.9
    cpe:2.3:a:google:chrome:20.0.1132.9
  • Google Chrome 20.0.1132.21
    cpe:2.3:a:google:chrome:20.0.1132.21
  • Google Chrome 20.0.1132.22
    cpe:2.3:a:google:chrome:20.0.1132.22
  • Google Chrome 20.0.1132.23
    cpe:2.3:a:google:chrome:20.0.1132.23
  • Google Chrome 20.0.1132.24
    cpe:2.3:a:google:chrome:20.0.1132.24
  • Google Chrome 20.0.1132.3
    cpe:2.3:a:google:chrome:20.0.1132.3
  • Google Chrome 20.0.1132.2
    cpe:2.3:a:google:chrome:20.0.1132.2
  • Google Chrome 20.0.1132.1
    cpe:2.3:a:google:chrome:20.0.1132.1
  • Google Chrome 20.0.1132.0
    cpe:2.3:a:google:chrome:20.0.1132.0
  • Google Chrome 20.0.1132.29
    cpe:2.3:a:google:chrome:20.0.1132.29
  • Google Chrome 20.0.1132.30
    cpe:2.3:a:google:chrome:20.0.1132.30
  • Google Chrome 20.0.1132.31
    cpe:2.3:a:google:chrome:20.0.1132.31
  • Google Chrome 20.0.1132.32
    cpe:2.3:a:google:chrome:20.0.1132.32
  • Google Chrome 20.0.1132.25
    cpe:2.3:a:google:chrome:20.0.1132.25
  • Google Chrome 20.0.1132.26
    cpe:2.3:a:google:chrome:20.0.1132.26
  • Google Chrome 20.0.1132.27
    cpe:2.3:a:google:chrome:20.0.1132.27
  • Google Chrome 20.0.1132.28
    cpe:2.3:a:google:chrome:20.0.1132.28
  • Google Chrome 20.0.1132.40
    cpe:2.3:a:google:chrome:20.0.1132.40
  • Google Chrome 20.0.1132.39
    cpe:2.3:a:google:chrome:20.0.1132.39
  • Google Chrome 20.0.1132.38
    cpe:2.3:a:google:chrome:20.0.1132.38
  • Google Chrome 20.0.1132.37
    cpe:2.3:a:google:chrome:20.0.1132.37
  • Google Chrome 20.0.1132.36
    cpe:2.3:a:google:chrome:20.0.1132.36
  • Google Chrome 20.0.1132.35
    cpe:2.3:a:google:chrome:20.0.1132.35
  • Google Chrome 20.0.1132.34
    cpe:2.3:a:google:chrome:20.0.1132.34
  • Google Chrome 20.0.1132.33
    cpe:2.3:a:google:chrome:20.0.1132.33
  • Google Chrome 20.0.1132.18
    cpe:2.3:a:google:chrome:20.0.1132.18
  • Google Chrome 20.0.1132.19
    cpe:2.3:a:google:chrome:20.0.1132.19
  • Google Chrome 20.0.1132.41
    cpe:2.3:a:google:chrome:20.0.1132.41
  • Google Chrome 20.0.1132.42
    cpe:2.3:a:google:chrome:20.0.1132.42
  • cpe:2.3:o:linux:linux_kernel:-:64-bit
    cpe:2.3:o:linux:linux_kernel:-:64-bit
  • Apple iPhone OS 6.1.4
    cpe:2.3:o:apple:iphone_os:6.1.4
  • Apple iPhone OS 1.0.0
    cpe:2.3:o:apple:iphone_os:1.0.0
  • Apple iPhone OS 1.0.1
    cpe:2.3:o:apple:iphone_os:1.0.1
  • Apple iPhone OS 1.0.2
    cpe:2.3:o:apple:iphone_os:1.0.2
  • Apple iPhone OS 1.1.0
    cpe:2.3:o:apple:iphone_os:1.1.0
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 2.0.0
    cpe:2.3:o:apple:iphone_os:2.0.0
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.1.1
    cpe:2.3:o:apple:iphone_os:2.1.1
  • Apple iPhone OS 2.2
    cpe:2.3:o:apple:iphone_os:2.2
  • Apple iPhone OS 2.2.1
    cpe:2.3:o:apple:iphone_os:2.2.1
  • Apple iPhone OS 3.0
    cpe:2.3:o:apple:iphone_os:3.0
  • Apple iPhone OS 3.0.1
    cpe:2.3:o:apple:iphone_os:3.0.1
  • Apple iPhone OS 3.1
    cpe:2.3:o:apple:iphone_os:3.1
  • Apple iPhone OS 3.1.2
    cpe:2.3:o:apple:iphone_os:3.1.2
  • Apple iPhone OS 3.1.3
    cpe:2.3:o:apple:iphone_os:3.1.3
  • Apple iPhone OS 3.2
    cpe:2.3:o:apple:iphone_os:3.2
  • Apple iPhone OS 3.2.1
    cpe:2.3:o:apple:iphone_os:3.2.1
  • Apple iPhone OS 3.2.2
    cpe:2.3:o:apple:iphone_os:3.2.2
  • Apple iPhone OS 4.0
    cpe:2.3:o:apple:iphone_os:4.0
  • Apple iPhone OS 4.0.1
    cpe:2.3:o:apple:iphone_os:4.0.1
  • Apple iPhone OS 4.0.2
    cpe:2.3:o:apple:iphone_os:4.0.2
  • Apple iPhone OS 4.1
    cpe:2.3:o:apple:iphone_os:4.1
  • Apple iPhone OS 4.2.1
    cpe:2.3:o:apple:iphone_os:4.2.1
  • Apple iPhone OS 4.2.5
    cpe:2.3:o:apple:iphone_os:4.2.5
  • Apple iPhone OS 4.2.8
    cpe:2.3:o:apple:iphone_os:4.2.8
  • Apple iPhone OS 4.3.0
    cpe:2.3:o:apple:iphone_os:4.3.0
  • Apple iPhone OS 4.3.1
    cpe:2.3:o:apple:iphone_os:4.3.1
  • Apple iPhone OS 4.3.2
    cpe:2.3:o:apple:iphone_os:4.3.2
  • Apple iPhone OS 4.3.3
    cpe:2.3:o:apple:iphone_os:4.3.3
  • Apple iPhone OS 4.3.5
    cpe:2.3:o:apple:iphone_os:4.3.5
  • Apple iPhone OS 5.0
    cpe:2.3:o:apple:iphone_os:5.0
  • Apple iPhone OS 5.0.1
    cpe:2.3:o:apple:iphone_os:5.0.1
  • Apple iPhone OS 5.1
    cpe:2.3:o:apple:iphone_os:5.1
  • Apple iPhone OS 5.1.1
    cpe:2.3:o:apple:iphone_os:5.1.1
  • Apple iPhone OS 6.0
    cpe:2.3:o:apple:iphone_os:6.0
  • Apple iPhone OS 6.0.1
    cpe:2.3:o:apple:iphone_os:6.0.1
  • Apple iPhone OS 6.0.2
    cpe:2.3:o:apple:iphone_os:6.0.2
  • Apple iPhone OS 6.1
    cpe:2.3:o:apple:iphone_os:6.1
  • Apple iPhone OS 6.1.2
    cpe:2.3:o:apple:iphone_os:6.1.2
  • Apple iPhone OS 6.1.3
    cpe:2.3:o:apple:iphone_os:6.1.3
CVSS
Base: 6.8 (as of 27-09-2013 - 06:54)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_1022489_REMOTE.NASL
    description The remote VMware ESXi 5.0 host is affected by the following vulnerabilities : - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - A privilege escalation vulnerability exists due to improper handling of control code in the lgtosync.sys driver. A local attacker can exploit this escalate privileges on Windows-based 32-bit guest operating systems. (CVE-2013-3519)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 70877
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70877
    title ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_11_1_4_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities : - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the 'iTunes Store'. Please note that these vulnerabilities only affect the application when it is running on a Windows host. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128) - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - An error exists related to the iTunes Tutorials window that can allow an attacker in a privileged network location to inject content. Note that this vulnerability only affects the application installed on a Mac OS X host. (CVE-2014-1242)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 72105
    published 2014-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72105
    title Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Windows
    NASL id ITUNES_11_1_4.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues : - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128) - An error exists related to text tracks in movie files that could allow denial of service or arbitrary code execution. (CVE-2013-1024) - An error exists related to the iTunes Tutorials window that could allow an attacker in a privileged network location to inject content. (CVE-2014-1242)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 72104
    published 2014-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72104
    title Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXML2-8235.NASL
    description This update fixes libxml2 integer overflows. (CVE-2012-2807)
    last seen 2018-09-02
    modified 2013-09-28
    plugin id 62003
    published 2012-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62003
    title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 8235)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBXML2-120718.NASL
    description This update fixes several libxml2 integer overflows which could have been used to crash libxml2 parsers or potentially execute code.
    last seen 2019-01-16
    modified 2013-10-25
    plugin id 64205
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64205
    title SuSE 11.1 Security Update : libxml2 (SAT Patch Number 6571)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBXSLT_20130716.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2012-2807)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 80693
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80693
    title Oracle Solaris Third-Party Patch Update : libxslt (cve_2012_2807_numeric_errors)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-126.NASL
    description A vulnerability was found and corrected in libxml2 : Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct this issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 61975
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61975
    title Mandriva Linux Security Advisory : libxml2 (MDVSA-2012:126)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1587-1.NASL
    description Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 62366
    published 2012-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62366
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxml2 vulnerability (USN-1587-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-056.NASL
    description Multiple vulnerabilities was found and corrected in libxml2 : A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption (CVE-2013-0338). An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 66070
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66070
    title Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-501.NASL
    description Fixed an integer overflow in libxml2 which could lead to crashes or potential code execution.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 74708
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74708
    title openSUSE Security Update : libxml2 (openSUSE-SU-2012:0975-1)
  • NASL family Windows
    NASL id ITUNES_11_1_2.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues : - An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution. (CVE-2013-1024) - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 70588
    published 2013-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70588
    title Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2521.NASL
    description Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 61415
    published 2012-08-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61415
    title Debian DSA-2521-1 : libxml2 - integer overflows
  • NASL family Misc.
    NASL id APPLETV_6_0.NASL
    description According to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 70257
    published 2013-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70257
    title Apple TV < 6.0 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-355.NASL
    description - Update Chromium to 22.0.1190 - Security Fixes (bnc#769181) : - CVE-2012-2815: Leak of iframe fragment id - CVE-2012-2816: Prevent sandboxed processes interfering with each other - CVE-2012-2817: Use-after-free in table section handling - CVE-2012-2818: Use-after-free in counter layout - CVE-2012-2819: Crash in texture handling - CVE-2012-2820: Out-of-bounds read in SVG filter handling - CVE-2012-2821: Autofill display problem - CVE-2012-2823: Use-after-free in SVG resource handling - CVE-2012-2826: Out-of-bounds read in texture conversion - CVE-2012-2829: Use-after-free in first-letter handling - CVE-2012-2830: Wild pointer in array value setting - CVE-2012-2831: Use-after-free in SVG reference handling - CVE-2012-2834: Integer overflow in Matroska container - CVE-2012-2825: Wild read in XSL handling - CVE-2012-2807: Integer overflows in libxml - Fix update-alternatives within the spec-file - Update v8 to 3.12.5.0 - Fixed Chromium issues: 115100, 129628, 131994, 132727, 132741, 132742, 133211 - Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134, 2156, 2166, 2172, 2177, 2179, 2185 - Added --extra-code flag to mksnapshot to load JS code into the VM before creating the snapshot. - Support 'restart call frame' command in the debugger. - Fixed lazy sweeping heuristics to prevent old-space expansion. (issue 2194) - Fixed sharing of literal boilerplates for optimized code. (issue 2193) - Removed -fomit-frame-pointer flag from Release builds to make the stack walkable by TCMalloc (Chromium issue 133723). - Expose more detailed memory statistics (issue 2201). - Fixed Harmony Maps and WeakMaps for undefined values (Chromium issue 132744). - Update v8 to 3.11.10.6 - Implemented heap profiler memory usage reporting. - Preserved error message during finally block in try..finally. (Chromium issue 129171) - Fixed EnsureCanContainElements to properly handle double values. (issue 2170) - Improved heuristics to keep objects in fast mode with inherited constructors. - Performance and stability improvements on all platforms. - Implemented ES5-conformant semantics for inherited setters and read-only properties. Currently behind --es5_readonly flag, because it breaks WebKit bindings. - Exposed last seen heap object id via v8 public api. - Update v8 to 3.11.8.0 - Avoid overdeep recursion in regexp where a guarded expression with a minimum repetition count is inside another quantifier. (Chromium issue 129926) - Fixed missing write barrier in store field stub. (issues 2143, 1465, Chromium issue 129355) - Proxies: Fixed receiver for setters inherited from proxies. - Proxies: Fixed ToStringArray function so that it does not reject some keys. (issue 1543) - Update v8 to 3.11.7.0 - Get better function names in stack traces. - Fixed RegExp.prototype.toString for incompatible receivers (issue 1981). - Some cleanup to common.gypi. This fixes some host/target combinations that weren't working in the Make build on Mac. - Handle EINTR in socket functions and continue incomplete sends. (issue 2098) - Fixed python deprecations. (issue 1391) - Made socket send and receive more robust and return 0 on failure. (Chromium issue 15719) - Fixed GCC 4.7 (C++11) compilation. (issue 2136) - Set '-m32' option for host and target platforms - Performance and stability improvements on all platforms.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 74660
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74660
    title openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_11_1_2_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities : - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 70589
    published 2013-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70589
    title Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Misc.
    NASL id VMWARE_ESX_VMSA-2013-0001_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Authentication Service - bind - libxml2 - libxslt
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 89661
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89661
    title VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064) - An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830) - An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089) - An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202) - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970) - An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609) - An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871) - A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870) - Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) - Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 70886
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70886
    title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2013-0001.NASL
    description a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. b. Update to ESX/ESXi libxml2 userworld and service console The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Also, the ESX service console libxml2 packages are updated to the following versions : libxml2-2.6.26-2.1.15.el5_8.5 libxml2-python-2.6.26-2.1.15.el5_8.5 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3102 and CVE-2012-2807 to these issues. c. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4244 to this issue. d. Update to ESX service console libxslt package The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 64642
    published 2013-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64642
    title VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-134.NASL
    description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102)
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 69624
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69624
    title Amazon Linux AMI : libxml2 (ALAS-2012-134)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13820.NASL
    description Lot of security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-20
    plugin id 62323
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62323
    title Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1288.NASL
    description Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 62206
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62206
    title CentOS 5 / 6 : libxml2 (CESA-2012:1288)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120918_LIBXML2_ON_SL5_X.NASL
    description The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 62197
    published 2012-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62197
    title Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1288.NASL
    description From Red Hat Security Advisory 2012:1288 : Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68629
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68629
    title Oracle Linux 5 / 6 : libxml2 (ELSA-2012-1288)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-1627-1.NASL
    description libxml2 has been updated to fix the following security issue : - CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka 'internal entity expansion' with linear complexity. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-31
    plugin id 83599
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83599
    title SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13824.NASL
    description lot of security bug fixes Lots of security patches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-20
    plugin id 62324
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62324
    title Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1288.NASL
    description Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 62195
    published 2012-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62195
    title RHEL 5 / 6 : libxml2 (RHSA-2012:1288)
redhat via4
advisories
bugzilla
id 835863
title CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libxml2 is earlier than 0:2.6.26-2.1.15.el5_8.5
          oval oval:com.redhat.rhsa:tst:20121288002
        • comment libxml2 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080032014
      • AND
        • comment libxml2-devel is earlier than 0:2.6.26-2.1.15.el5_8.5
          oval oval:com.redhat.rhsa:tst:20121288006
        • comment libxml2-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080032016
      • AND
        • comment libxml2-python is earlier than 0:2.6.26-2.1.15.el5_8.5
          oval oval:com.redhat.rhsa:tst:20121288004
        • comment libxml2-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080032018
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libxml2 is earlier than 0:2.7.6-8.el6_3.3
          oval oval:com.redhat.rhsa:tst:20121288012
        • comment libxml2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749006
      • AND
        • comment libxml2-devel is earlier than 0:2.7.6-8.el6_3.3
          oval oval:com.redhat.rhsa:tst:20121288016
        • comment libxml2-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749012
      • AND
        • comment libxml2-python is earlier than 0:2.7.6-8.el6_3.3
          oval oval:com.redhat.rhsa:tst:20121288018
        • comment libxml2-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749010
      • AND
        • comment libxml2-static is earlier than 0:2.7.6-8.el6_3.3
          oval oval:com.redhat.rhsa:tst:20121288014
        • comment libxml2-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749008
rhsa
id RHSA-2012:1288
released 2012-09-18
severity Moderate
title RHSA-2012:1288: libxml2 security update (Moderate)
rpms
  • libxml2-0:2.6.26-2.1.15.el5_8.5
  • libxml2-devel-0:2.6.26-2.1.15.el5_8.5
  • libxml2-python-0:2.6.26-2.1.15.el5_8.5
  • libxml2-0:2.7.6-8.el6_3.3
  • libxml2-devel-0:2.7.6-8.el6_3.3
  • libxml2-python-0:2.7.6-8.el6_3.3
  • libxml2-static-0:2.7.6-8.el6_3.3
refmap via4
apple
  • APPLE-SA-2013-09-18-2
  • APPLE-SA-2013-10-22-8
bid 54718
confirm
debian DSA-2521
mandriva
  • MDVSA-2012:126
  • MDVSA-2013:056
secunia
  • 50658
  • 50800
  • 54886
  • 55568
suse
  • SUSE-SU-2013:1627
  • openSUSE-SU-2012:0813
  • openSUSE-SU-2012:0975
ubuntu USN-1587-1
vmware via4
description The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Alsothe ESX service console libxml2 packages are updated to the following versions: libxml2-2.6.26-2.1.15.el5_8.5libxml2-python-2.6.26-2.1.15.el5_8.5
id VMSA-2013-0001
last_updated 2013-05-30T00:00:00
published 2013-01-31T00:00:00
title Update to ESX/ESXi libxml2 userworld and service console
Last major update 27-01-2014 - 23:45
Published 27-06-2012 - 06:18
Back to Top