#VU33938 Input validation error in Libxml2 - CVE-2012-2807

Cybersecurity Help s.r.o.

Published: 2012-06-27 | Updated: 2020-08-04

Vulnerability identifier: #VU33938

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-2807

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Libxml2
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Libxml2: 6.0.19

External links
https://code.google.com/p/chromium/issues/detail?id=129930
https://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
https://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
https://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
https://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
https://secunia.com/advisories/50658
https://secunia.com/advisories/50800
https://secunia.com/advisories/54886
https://secunia.com/advisories/55568
https://support.apple.com/kb/HT5934
https://support.apple.com/kb/HT6001
https://www.debian.org/security/2012/dsa-2521
https://www.mandriva.com/security/advisories?name=MDVSA-2012:126
https://www.mandriva.com/security/advisories?name=MDVSA-2013:056
https://www.securityfocus.com/bid/54718
https://www.ubuntu.com/usn/USN-1587-1
https://hermes.opensuse.org/messages/15075728
https://hermes.opensuse.org/messages/15375990

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in libxml2 (Alpine package)

Input validation error in Libxml2