Severity: 5.0 MEDIUM
EPSS: 0.6% (top 29.76%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 10
Latest update: May 17

Description

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

NVD: google/chrome 28.0.1500.70 (+62)
Debian: libxml2 < 2.9.1+dfsg1-1 (+3)
NVD: xmlsoft/libxml2 2.9.0 (+124)

Vulnerability Details (3)

GHSA: GHSA-fx83-qvvj-7h25: parser (2022-05-17)
CVEList: CVE-2013-2877: parser (2013-07-10)
OSV: CVE-2013-2877: parser (2013-07-10)

Vendor Advisories (3)

Ubuntu: libxml2 vulnerabilities (2013-07-15)
Red Hat: libxml2: Out-of-bounds read via a document that ends abruptly (2013-07-09)
Debian: CVE-2013-2877: libxml2 - parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 a... (2013)

Community (2)

Bugzilla: CVE-2013-2877 libxml2: Out-of-bounds read via a document that ends abruptly (2013-07-10)
Bugzilla: libxml2: CVE-2013-2877 libxml2: Out-of-bounds read via a document that ends abruptly [fedora-17] (2013-07-10)