CVE-2012-5134
Published: 27 November 2012
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Notes
| Author | Note |
|---|---|
| jdstrand | sarnold provided the update for libxml2 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(3.0.1271.97-0ubuntu0.10.04.1)
|
|
| oneiric |
Released
(3.0.1271.97-0ubuntu0.11.10.1)
|
|
| precise |
Released
(3.0.1271.97-0ubuntu0.12.04.1)
|
|
| quantal |
Released
(3.0.1271.97-0ubuntu0.12.10.1)
|
|
| upstream |
Released
(23.0.1271.91)
|
|
|
libxml2 Launchpad, Ubuntu, Debian |
hardy |
Released
(2.6.31.dfsg-2ubuntu1.11)
|
| lucid |
Released
(2.7.6.dfsg-1ubuntu1.7)
|
|
| oneiric |
Released
(2.7.8.dfsg-4ubuntu0.5)
|
|
| precise |
Released
(2.7.8.dfsg-5.1ubuntu4.3)
|
|
| quantal |
Released
(2.8.0+dfsg1-5ubuntu2.1)
|
|
| upstream |
Released
(2.8.0+dfsg1-7)
|
|
|
Patches: upstream: http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d vendor: http://www.debian.org/security/2012/dsa-2580 |
||
References
- https://code.google.com/p/chromium/issues/detail?id=158249
- https://bugzilla.redhat.com/show_bug.cgi?id=880466
- http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
- https://ubuntu.com/security/notices/USN-1656-1
- https://www.cve.org/CVERecord?id=CVE-2012-5134
- NVD
- Launchpad
- Debian