oss-sec mailing list archives
Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode
From: cve-assign () mitre org
Date: Wed, 4 May 2016 01:33:55 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
We found an out-of-bounds read parsing a specially crafted xml in libxml2 if recover mode is used.
xmllint -recover
AddressSanitizer: heap-buffer-overflow ... READ of size 1
in xmlBufAttrSerializeTxtContent at xmlsave.c:2057
Use CVE-2016-4483 for this buffer over-read issue.
(As far as we can tell, xmlsave.c is not specific to the xmllint program, e.g.,
libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \
...
xmlwriter.c legacy.c chvalid.c pattern.c xmlsave.c \
in the Makefile.in file.)
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXKYjwAAoJEHb/MwWLVhi2XyQP/0HHmJWg4qK6CZ3MP51QXnpN
moUDMdEST1oGlOSjfQcZ0i/i3yesk0qqfG2V1E+uH0Yu5FS78ud2mc+5/SZnjFzj
RO71qkIUN8vrXSJRJ2CZrySAa6Z3VM5P3NZQHq1pZ/BF2fzwgFATwLb+476+BDOu
tAIFMhWVH4TQ3YtG5dGrgDjCPK2LJCFockvvtjsYElfZQkTDKapk8/JjbZxmMcFY
QPvM4YqCXrJ6i+LCO+LERFW51xZso6o32HqeeizfuT5Q+XTfx1Kd+t/VasVcGp77
k8AqhNJSNFnDFUCmN+fQN093q7GQQG80spKwYSOXfP9ZGb7g/jP5IRv1kbmtdDof
eKKA2gQr7XMiGlqMxEUPFkVXYcX37oH1BMcjS7erw6+zE+EI6seW+6gWxK8Ke/Hg
ycklozYz9ZsvrqS2cfR5kdG5EmNvgatYQ3pivZmjfp3V4W+dwXTxeNh4oiEF3YJv
mhgdi3WqeH0z8ibyU75GVeZh3WHbcB4yNlyqeNOOcosvy6O2DNlA4LDqK7ouriGF
AB0t+sy289WdDKHIPRVwTMlZkNaqtiuR5MUVKeYHH6y+qiqwdv4y69y5opBd+caP
2rAYNJx8e/lbBF6EvXVfQZdgzfLP644tv7+rsJwi5K7J0Nbvn6rkI6/nQIDRKNKe
sNb0SV4CM2Tym0y40PGq
=meeO
-----END PGP SIGNATURE-----
Current thread:
- CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode Gustavo Grieco (May 03)
- Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode cve-assign (May 03)