CVE-2009-2414 in Ubuntu

CVE-2009-2414

Priority

Description

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27,
and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause
a denial of service (application crash) via a large depth of element
declarations in a DTD, related to a function recursion, as demonstrated by
the Codenomicon XML fuzzing framework.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
https://ubuntu.com/security/notices/USN-815-1

Assigned-to

kees

Notes

Package

Source: libxml (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE

Patches:

Package

Source: libxml2 (LP Ubuntu Debian)

Upstream:	released (2.7.3.dfsg-2.1)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:37:50 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)