Debian Libxml2 vulnerabilities

CVE-2012-5134 [MEDIUM] CVE-2012-5134: libxml2 - Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c ... Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Scope: local bookworm: resolved (fixed in 2.8.0+dfsg1-7) bullsey

CVE-2012-2807 [MEDIUM] CVE-2012-2807: libxml2 - Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132... Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 2.8.0+dfsg1-5) bullseye: resolved (fixed in 2.8.0+dfsg1-5) forky: resolved (fixed

CVE-2011-0216 [CRITICAL] CVE-2011-0216: libxml2 - Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers ... Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-5.1) bullseye: resolved (fixed in 2.7.8.dfsg-5.1) forky: resolved (fixed in 2.7.8.dfsg-5.1) sid: resolv

CVE-2011-1944 [CRITICAL] CVE-2011-1944: libxml2 - Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.... Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

CVE-2011-3919 [HIGH] CVE-2011-3919: libxml2 - Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.... Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-7) bullseye: resolved (fixed in 2.7.8.dfsg-7) forky: resolved (fixed in 2.7.8.dfsg-7) sid: resolved (fixed in 2.7.8.d

CVE-2011-3905 [MEDIUM] CVE-2011-3905: libxml2 - libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to... libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-5.1) bullseye: resolved (fixed in 2.7.8.dfsg-5.1) forky: resolved (fixed in 2.7.8.dfsg-5.1) sid: resolved (fixed in 2.7.8.dfsg-5.1) trixie: resolved (fixed in 2.7

CVE-2011-3102 [MEDIUM] CVE-2011-3102: libxml2 - Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and ot... Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-9.1) bullseye: resolved (fixed in 2.7.8.dfsg-9.1) forky: resolved (fixed in 2.7.8.d

CVE-2011-2834 [MEDIUM] CVE-2011-2834: libxml2 - Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.1... Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-5) bullseye: resolved (fixed in 2.7.8.dfsg-5) forky: resolved (fixed in 2.7.8.dfsg-5) sid: resolv

CVE-2011-2821 [HIGH] CVE-2011-2821: libxml2 - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.2... Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-5) bullseye: resolved (fixed in 2.7.8.dfsg-5) forky: resolved (fixed in 2.7.8.dfsg-5) sid: resolved (fixed

CVE-2010-4494 [HIGH] CVE-2010-4494: libxml2 - Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google... Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-2) bullseye: resolved (fixed in 2.7.8.dfsg-2) forky: res

CVE-2010-4008 [MEDIUM] CVE-2010-4008: libxml2 - libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5... libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.7.

CVE-2009-2414 [MEDIUM] CVE-2009-2414: libxml2 - Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2... Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. Scope: local bookworm: resolved (fi

CVE-2009-2416 [MEDIUM] CVE-2009-2416: libxml2 - Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.2... Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Scope: local bookworm: resolved (fixe

CVE-2008-4226 [CRITICAL] CVE-2008-4226: libxml2 - Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows conte... Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. Scope: local bookworm: resolved (fixed in 2.6.32.dfsg-5) bullseye: resolved (fixed in 2.6.32.dfsg-5) forky: resolved (fixed in 2.6.32.dfsg-5) sid: resolv

CVE-2008-3529 [CRITICAL] CVE-2008-3529: libxml2 - Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c i... Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Scope: local bookworm: resolved (fixed in 2.6.32.dfsg-4) bullseye: resolved (fixed in 2.6.32.dfsg-4) forky: resolved (fixed in 2.6.32.dfs

CVE-2008-4225 [HIGH] CVE-2008-4225: libxml2 - Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context... Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. Scope: local bookworm: resolved (fixed in 2.6.32.dfsg-5) bullseye: resolved (fixed in 2.6.32.dfsg-5) forky: resolved (fixed in 2.6.32.dfsg-5) sid: resolved (fixed in 2.6.32.dfsg-5) trixie: resolved

CVE-2008-3281 [MEDIUM] CVE-2008-3281: libxml2 - libxml2 2.6.32 and earlier does not properly detect recursion during entity expa... libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.6.32.dfsg-3) bullseye: resolved (fixed in 2.6.32.dfsg-3) forky: resolved (fixed in 2.6.3

CVE-2008-4409 [MEDIUM] CVE-2008-4409: libxml2 - libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definition... libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. Scope: local bookworm: resolved b

CVE-2007-6284 [MEDIUM] CVE-2007-6284: libxml2 - The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent at... The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. Scope: local bookworm: resolved (fixed in 2.6.30.dfsg-3.1) bullseye: resolved (fixed in 2.6.30.dfsg-3.1) forky: resolved (fixed in 2.6.30.dfsg-3.1) sid: resolved (fixed in 2.6.30.dfsg-3.1) tr

CVE-2004-0989 [CRITICAL] CVE-2004-0989: libxml2 - Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly ot... Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows relat