CVE-2013-1969
Published: 2013-04-25
Priority: P337 high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.79% (88.6th percentile)
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
CVSS provenance
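| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |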
Ubuntu
libxml2 vulnerability
vendor_ubuntu·2013-05-07
CVE-2013-1969 libxml2 vulnerability
Title: libxml2 vulnerability
Summary: libxml2 could be made to crash or run programs if it opened a specially
crafted file.
It was discovered that libxml2 incorrectly handled memory management when
parsing certain XML files. An attacker could use this flaw to cause libxml2
to crash, resulting in a denial of service, or to possibly execute
arbitrary code.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Debian
CVE-2013-1969: libxml2 - Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other vers...
vendor_debian·2013·CVSS 7.5
CVE-2013-1969 [HIGH] CVE-2013-1969: libxml2 - Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other vers...
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
libxml2: multiple use-after-free flaws
vendor_redhat·2012-12-14·CVSS 7.5
CVE-2013-1969 [HIGH] CWE-416 libxml2: multiple use-after-free flaws
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
Statement: This issue does not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 5 and 6.
Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected
Package: mingw32-libxml2 (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-jmvg-2fg9-jhpr: Multiple use-after-free vulnerabilities in libxml2 2
ghsa_unreviewed·2022-05-17
CVE-2013-1969 [HIGH] GHSA-jmvg-2fg9-jhpr: Multiple use-after-free vulnerabilities in libxml2 2
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
No detection rules found.
No public exploits indexed.
References
http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html
http://secunia.com/advisories/53061
http://www.openwall.com/lists/oss-security/2013/04/17/4
http://www.openwall.com/lists/oss-security/2013/04/19/1
http://www.ubuntu.com/usn/USN-1817-1
https://bugzilla.gnome.org/show_bug.cgi?id=690202
https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f