vulnerability bulletin CVE-2012-2807
libxml2: integer overflows
Synthesis of the vulnerability
An attacker can send malformed XML data to an application linked to libxml2, in order to stop it, and possibly to execute code.Impacted products:
Debian, Fedora, libxml2, MBS, MES, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere Hypervisor.
129930, 835863, BID-54718, CERTA-2013-AVI-208, CVE-2012-2807, DSA 2521-1, ESX410-201301001, ESX410-201301401-SG, ESX410-201301402-SG, ESX410-201301403-SG, ESX410-201301405-SG, ESXi410-201301001, ESXi410-201301401-SG, ESXi500-201303101-SG, FEDORA-2012-13820, FEDORA-2012-13824, MDVSA-2012:126, MDVSA-2013:056, openSUSE-SU-2012:0975-1, RHSA-2012:1288-01, SUSE-SU-2012:1095-1, SUSE-SU-2012:1095-2, VIGILANCE-VUL-11808, VMSA-2012-0018.2, VMSA-2013-0001, VMSA-2013-0001.3, VMSA-2013-0003, VMSA-2013-0004, VMSA-2013-0004.1.
Description of the vulnerability
The libxml2 library implements an XML parser.
However, on a 64 bit processor, an attacker can generate several integer overflows (in files globals.c, entities.c and parser.c), leading to memory corruptions.
An attacker can therefore send malformed XML data to an application linked to libxml2, in order to stop it, and possibly to execute code.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides an application vulnerability watch
. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.