CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
90.1%
Package : libxml2
Version : 2.7.8.dfsg-2+squeeze10
CVE ID : CVE-2014-0191 CVE-2014-3660
Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)
In addition, this update addresses a misapplied chunk for a patch
released the previous version (#762864).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | i386 | libxml2-utils | < 2.9.1+dfsg1-5 | libxml2-utils_2.9.1+dfsg1-5_i386.deb |
Debian | 7 | powerpc | libxml2-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-dbg_2.8.0+dfsg1-7+wheezy3_powerpc.deb |
Debian | 7 | ia64 | libxml2-utils-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-utils-dbg_2.8.0+dfsg1-7+wheezy3_ia64.deb |
Debian | 8 | kfreebsd-i386 | libxml2-utils-dbg | < 2.9.1+dfsg1-5 | libxml2-utils-dbg_2.9.1+dfsg1-5_kfreebsd-i386.deb |
Debian | 8 | i386 | libxml2-dbg | < 2.9.1+dfsg1-5 | libxml2-dbg_2.9.1+dfsg1-5_i386.deb |
Debian | 8 | mips | python-libxml2 | < 2.9.1+dfsg1-5 | python-libxml2_2.9.1+dfsg1-5_mips.deb |
Debian | 7 | amd64 | libxml2 | < 2.8.0+dfsg1-7+wheezy3 | libxml2_2.8.0+dfsg1-7+wheezy3_amd64.deb |
Debian | 7 | s390x | libxml2-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-dbg_2.8.0+dfsg1-7+wheezy3_s390x.deb |
Debian | 6 | i386 | libxml2-utils | < 2.7.8.dfsg-2+squeeze11 | libxml2-utils_2.7.8.dfsg-2+squeeze11_i386.deb |
Debian | 8 | mipsel | libxml2-utils-dbg | < 2.9.1+dfsg1-5 | libxml2-utils-dbg_2.9.1+dfsg1-5_mipsel.deb |