CVE-2013-1969

Published: 4/25/2013 Last updated: 8/6/2024 Reserved: 2/19/2013

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (5)

bap-llvm conf-gtksourceview conf-gtksourceview3 conf-librsvg2 lablgtk3-gtkspell3

Products affected (1)

Product	Vendor	Version
n/a	n/a	n/a

References (16)

https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html
https://bugzilla.gnome.org/show_bug.cgi?id=690202
http://www.ubuntu.com/usn/USN-1817-1
http://www.openwall.com/lists/oss-security/2013/04/17/4
http://secunia.com/advisories/53061
http://www.openwall.com/lists/oss-security/2013/04/19/1
https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html
https://bugzilla.gnome.org/show_bug.cgi?id=690202
http://www.ubuntu.com/usn/USN-1817-1
http://www.openwall.com/lists/oss-security/2013/04/17/4
http://secunia.com/advisories/53061
http://www.openwall.com/lists/oss-security/2013/04/19/1