ID CVE-2013-1969
Summary Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 21-06-2013 - 03:17)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
mlist
  • [oss-security] 20130417 CVE request : libxml2 Multiple Use-After-Free Vulnerabilities
  • [oss-security] 20130418 Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities
secunia 53061
suse
  • openSUSE-SU-2013:0729
  • openSUSE-SU-2013:0945
ubuntu USN-1817-1
Last major update 21-06-2013 - 03:17
Published 25-04-2013 - 23:55
Last modified 21-06-2013 - 03:17