CVE-2013-2877

Priority
Medium
Description
parser.c in libxml2 before 2.9.0, as used in Google Chrome before
28.0.1500.71 and other products, allows remote attackers to cause a denial
of service (out-of-bounds read) via a document that ends abruptly, related
to the lack of certain checks for the XML_PARSER_EOF state.
References
Bugs
Notes
jdstrand> Mitre description uses the wrong version. Fix not until 2.9.1
Assigned-to
chad
Package
Upstream:released (2.9.1+dfsg1-2)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.7.6.dfsg-1ubuntu1.9)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.7.8.dfsg-5.1ubuntu4.5)
Ubuntu 12.10 (Quantal Quetzal):released (2.8.0+dfsg1-5ubuntu2.3)
Ubuntu 13.04 (Raring Ringtail):released (2.9.0+dfsg1-4ubuntu4.2)
Ubuntu 13.10 (Saucy Salamander):released (2.9.1+dfsg1-2ubuntu1)
Patches:
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50 (backport)
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=9ca816b3a64e7b1bada7baa2cbc09e8937b38215
Package
Upstream:released (28.0.1500.71)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (28.0.1500.71-0ubuntu1.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (28.0.1500.71-0ubuntu1.12.10.1)
Ubuntu 13.04 (Raring Ringtail):released (28.0.1500.71-0ubuntu1.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (28.0.1500.71-0ubuntu1.13.10.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-07-25 21:15:07 UTC (commit 7129)