CVE-2011-3919Out-of-bounds Write in Google Chrome

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
7.5HIGHNVD
EPSS
3.2%
top 13.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Xmlsoft Libxml2Apple Iphone OSApple MAC OS X+7 more
Timeline
PublishedJan 7
Latest updateMay 13

Description

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages8 packages

NVDgoogle/chrome< 16.0.912.75
Debianxmlsoft/libxml2< 2.7.8.dfsg-7+3
NVDapple/mac_os_x< 10.7.4
NVDapple/iphone_os< 6.0

Also affects: Debian Linux 5.0, 6.0, 7.0, Enterprise Linux 6.3

🔴Vulnerability Details

3
GHSA
GHSA-7c47-25cj-whfq: Heap-based buffer overflow in libxml2, as used in Google Chrome before 162022-05-13
OSV
CVE-2011-3919: Heap-based buffer overflow in libxml2, as used in Google Chrome before 162012-01-07
CVEList
CVE-2011-3919: Heap-based buffer overflow in libxml2, as used in Google Chrome before 162012-01-07

📋Vendor Advisories

3
Ubuntu
libxml2 vulnerabilities2012-01-19
Red Hat
libxml2: Heap-based buffer overflow when decoding an entity reference with a long name2012-01-06
Debian
CVE-2011-3919: libxml2 - Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912....2011

💬Community

4
Bugzilla
CVE-2011-3919 CVE-2011-3905 CVE-2011-2834 libxml2 various flaws [fedora-all]2012-01-06
Bugzilla
CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name2012-01-05
Bugzilla
CVE-2011-0216 CVE-2011-3905 CVE-2011-3919 mingw32-libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]2011-11-22
Bugzilla
CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]2011-11-22
CVE-2011-3919 — Out-of-bounds Write in Google Chrome | cvebase