 |
|
|
|
| libxml multiple security vulnerability | | Published: |  | 11.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10136 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Memory use-after-free, stack overflow (exhaustion). |
| Affected: |  | LIBXML : libxml 2.6 | | CVE: |  | CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.) | | | | CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.) |
|
|
|
|
|
|
|
|
