CVE-2009-2414

CWE-119 — Buffer Overflow8 documents8 sources

Severity

4.3MEDIUM

EPSS

1.4%

top 19.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml Xmlsoft Libxml2

Timeline

PublishedAug 11

Latest updateMay 2

Description

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianlibxml2< 2.7.3.dfsg-2.1+3

▶NVDxmlsoft/libxml25 versions+4

▶NVDxmlsoft/libxml1.8.17

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-pxj8-hpwc-88mp: Stack consumption vulnerability in libxml2 2↗2022-05-02

▶

CVEList

CVE-2009-2414: Stack consumption vulnerability in libxml2 2↗2009-08-11

▶

OSV

CVE-2009-2414: Stack consumption vulnerability in libxml2 2↗2009-08-11

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2009-08-11

▶

Red Hat

mingw32-libxml2: Stack overflow by parsing root XML element DTD definition↗2009-08-10

▶

Debian

CVE-2009-2414: libxml2 - Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2...↗2009

▶

💬Community

Bugzilla

CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition↗2009-08-03

▶