CVE-2012-2807Integer Overflow or Wraparound in Libxml2

CWE-189CWE-190Integer Overflow or Wraparound12 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
1.5%
top 18.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Xmlsoft Libxml2Debian Libxml2Apple Iphone OS+8 more
Timeline
PublishedJun 27
Latest updateMay 17

Description

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages11 packages

NVDgoogle/chrome20.0.1132.42+42
debiandebian/libxml2< libxml2 2.8.0+dfsg1-5 (bookworm)
Debianxmlsoft/libxml2< 2.8.0+dfsg1-5+3
NVDapple/iphone_os6.1.4+47
vmwarevmware/esxi

🔴Vulnerability Details

2
GHSA
GHSA-52m3-crxv-6mg3: Multiple integer overflows in libxml2, as used in Google Chrome before 202022-05-17
OSV
CVE-2012-2807: Multiple integer overflows in libxml2, as used in Google Chrome before 202012-06-27

📋Vendor Advisories

5
VMware
VMware vSphere security updates for the authentication service and third party libraries2013-01-31
VMware
VMware security updates for vCSA, vCenter Server, and ESXi2012-12-20
Ubuntu
libxml2 vulnerability2012-09-27
Red Hat
(64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact2012-06-26
Debian
CVE-2012-2807: libxml2 - Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132...2012

💬Community

4
Bugzilla
CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [fedora-all]2012-09-20
Bugzilla
CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [epel-5]2012-09-20
Bugzilla
CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact [fedora-all]2012-07-27
Bugzilla
CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact2012-06-27