CVE-2009-2416 in Ubuntu

CVE-2009-2416

Priority

Description

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to
cause a denial of service (application crash) via crafted (1) Notation or
(2) Enumeration attribute types in an XML file, as demonstrated by the
Codenomicon XML fuzzing framework.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
https://ubuntu.com/security/notices/USN-815-1

Assigned-to

kees

Notes

Package

Source: libxml (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE

Patches:

Package

Source: libxml2 (LP Ubuntu Debian)

Upstream:	released (2.7.3.dfsg-2.1)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:37:51 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)