CVE-2013-2877

Priority
Medium
Description
parser.c in libxml2 before 2.9.0, as used in Google Chrome before
28.0.1500.71 and other products, allows remote attackers to cause a denial
of service (out-of-bounds read) via a document that ends abruptly, related
to the lack of certain checks for the XML_PARSER_EOF state.
Notes
 jdstrand> Mitre description uses the wrong version. Fix not until 2.9.1
Assigned-to
chad
Package
Upstream: released (2.9.1+dfsg1-2)
Ubuntu 12.04 LTS (Precise Pangolin): released (2.7.8.dfsg-5.1ubuntu4.5)
Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50 (backport)
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=9ca816b3a64e7b1bada7baa2cbc09e8937b38215
Package
Upstream: released (28.0.1500.71)
Ubuntu 12.04 LTS (Precise Pangolin): released (28.0.1500.71-0ubuntu1.12.04.1)

Updated: 2015-07-29 20:41:43 UTC (commit 9756)