oss-sec mailing list archives
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 26 Jan 2016 18:02:45 +0100
Hi, On Mon, Jan 25, 2016 at 08:01:08AM +0000, limingxing wrote:
Hello,
We find a vulnerability in the way libxml2's htmlParseNameComplex() function parsed certain xml file.
I was successful in reproducing this issuel in the latest version of libxml2(git clone git://git.gnome.org/libxml2).
HTMLparser.c line:2517 :
return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
"ctxt->input->cur - len" cause Out-of-bounds Read.
While checking upstream bugzilla to see if that was reported I noticed https://bugzilla.gnome.org/show_bug.cgi?id=749115 Does this have the same root cause? Regards, Salvatore
Current thread:
- Out-of-bounds Read in the libxml2's htmlParseNameComplex() function limingxing (Jan 25)
- Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
- Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign (Jan 26)
- Re: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
- Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign (Feb 03)
- Re: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)