CVE-2012-5134

CWE-119: Buffer Overflow | 10 documents | 8 sources
Severity: 6.8 MEDIUM
EPSS: 2.1% (top 16.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 28
Latest update: May 17

Description

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (4 packages)

NVD | google/chrome | 23.0.1271.89 | +59
Debian | libxml2 | < 2.8.0+dfsg1-7 | +3
NVD | xmlsoft/libxml2 | 2.9.0 | +116
NVD | apple/iphone_os | 6.1.4 | +47

🔴 Vulnerability Details (3)

GHSA
GHSA-j7mm-3m3p-jw5x: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser | 2022-05-17
OSV
CVE-2012-5134: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser | 2012-11-28
CVEList
CVE-2012-5134: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser | 2012-11-28

📋 Vendor Advisories (3)

Ubuntu
Libxml2 vulnerability | 2012-12-06
Red Hat
libxml2: Heap-buffer-underflow in xmlParseAttValueComplex | 2012-11-27
Debian
CVE-2012-5134: libxml2 - Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c ... | 2012

💬 Community (3)

Bugzilla
CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex [fedora-all] | 2012-11-30
Bugzilla
CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex [fedora-all] | 2012-11-27
Bugzilla
CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex | 2012-11-27