libxml2 is vulnerable to denial of service. Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
rhn.redhat.com/errata/RHSA-2013-0217.html
support.apple.com/kb/HT4808
support.apple.com/kb/HT4999
support.apple.com/kb/HT5001
www.debian.org/security/2012/dsa-2394
www.mandriva.com/security/advisories?name=MDVSA-2011:188
www.redhat.com/support/errata/RHSA-2011-1749.html
access.redhat.com/security/updates/classification/#important
rhn.redhat.com/errata/RHSA-2013-0217.html