Lucene search

Veracode Vulnerability DatabaseVERACODE:14442

HistoryMay 02, 2019 - 4:52 a.m.

Denial Of Service (DoS)

2019-05-0204:52:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.026 Low

EPSS

Percentile

90.4%

JSON

libxml2 is vulnerable to denial of service. Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash.

CPENameOperatorVersion
mingw32-libxml2eq2.7.6__3.el6
mingw32-libxml2eq2.7.6__2.el6
libxml2eq2.7.6__1.el6

Name	Operator	Version
mingw32-libxml2	eq	2.7.6__3.el6
mingw32-libxml2	eq	2.7.6__2.el6
libxml2	eq	2.7.6__1.el6

References

code.google.com/p/chromium/issues/detail?id=89402

googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

rhn.redhat.com/errata/RHSA-2013-0217.html

support.apple.com/kb/HT5281

support.apple.com/kb/HT5503

www.debian.org/security/2012/dsa-2394

www.mandriva.com/security/advisories?name=MDVSA-2011:145

www.redhat.com/support/errata/RHSA-2011-1749.html

access.redhat.com/security/updates/classification/#important

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840