CVE-2013-1969

CWE-399 CWE-416 — Use After Free7 documents7 sources

Severity

7.5HIGH

EPSS

1.0%

top 23.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2

Timeline

PublishedApr 25

Latest updateMay 17

Description

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDxmlsoft/libxml22.9.0

🔴Vulnerability Details

GHSA

GHSA-jmvg-2fg9-jhpr: Multiple use-after-free vulnerabilities in libxml2 2↗2022-05-17

▶

CVEList

CVE-2013-1969: Multiple use-after-free vulnerabilities in libxml2 2↗2013-04-25

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerability↗2013-05-07

▶

Debian

CVE-2013-1969: libxml2 - Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other vers...↗2013

▶

Red Hat

libxml2: multiple use-after-free flaws↗2012-12-14

▶

💬Community

Bugzilla

CVE-2013-1969 libxml2: multiple use-after-free flaws↗2013-04-19

▶