oss-sec mailing list archives
CVE request : libxml2 Multiple Use-After-Free Vulnerabilities
From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 17 Apr 2013 14:45:33 +0200
From the secunia advisory SA53061[1]:
1) An use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory. 2) Two use-after-free errors in "xmldecl_done()" can be exploited to dereference already freed memory. The vulnerabilities are reported in version 2.9.0. Other versions may also be affected. Commit: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f [1]: https://secunia.com/advisories/53061/ -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Agostino Sarubbo (Apr 17)
- Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
- Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
- Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)