CVE-2013-2877
Published: 10 July 2013
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
Notes
| Author | Note |
|---|---|
| jdstrand | Mitre description uses the wrong version. Fix not until 2.9.1 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(28.0.1500.71-0ubuntu1.12.04.1)
|
|
| quantal |
Released
(28.0.1500.71-0ubuntu1.12.10.1)
|
|
| raring |
Released
(28.0.1500.71-0ubuntu1.13.04.1)
|
|
| upstream |
Released
(28.0.1500.71)
|
|
|
libxml2 Launchpad, Ubuntu, Debian |
lucid |
Released
(2.7.6.dfsg-1ubuntu1.9)
|
| precise |
Released
(2.7.8.dfsg-5.1ubuntu4.5)
|
|
| quantal |
Released
(2.8.0+dfsg1-5ubuntu2.3)
|
|
| raring |
Released
(2.9.0+dfsg1-4ubuntu4.2)
|
|
| upstream |
Released
(2.9.1+dfsg1-2)
|
|
|
Patches: upstream: https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50 upstream: https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869 upstream: https://git.gnome.org/browse/libxml2/commit/?id=9ca816b3a64e7b1bada7baa2cbc09e8937b38215 |
||
References
- https://code.google.com/p/chromium/issues/detail?id=229019
- http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
- http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
- https://ubuntu.com/security/notices/USN-1904-1
- https://ubuntu.com/security/notices/USN-1904-2
- https://www.cve.org/CVERecord?id=CVE-2013-2877
- NVD
- Launchpad
- Debian