Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
383
VMScore

CVE-2009-2416

Published: 11/08/2009 Updated: 02/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Xmlsoft

Vulnerability Summary

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent malicious users to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xmlsoft libxml2 2.6.16

xmlsoft libxml2 2.6.32

xmlsoft libxml2 2.6.26

xmlsoft libxml2 2.6.27

xmlsoft libxml 1.8.17

xmlsoft libxml2 2.5.10

fedoraproject fedora 11

fedoraproject fedora 10

debian debian linux 4.0

redhat enterprise linux 4.0

redhat enterprise linux 5.0

redhat enterprise linux 3.0

canonical ubuntu linux 9.04

canonical ubuntu linux 8.10

canonical ubuntu linux 8.04

canonical ubuntu linux 6.06

google chrome

apple mac os x

apple safari

apple mac os x server

apple iphone os

suse linux enterprise server 9

suse linux enterprise 11.0

suse linux enterprise 10.0

opensuse opensuse

vmware esxi 3.5

vmware esxi 4.0

vmware esx 3.5

vmware esx 4.0

vmware vma 4.0

vmware esx 3.0.3

vmware vcenter server 4.0

sun openoffice.org

Vendor Advisories

Red Hat: Moderate: libxml and libxml2 security update
Synopsis Moderate: libxml and libxml2 security update Type/Severity Security Advisory: Moderate Topic Updated libxml and libxml2 packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having moderate security impact by the RedHat Se ...
Debian CVElist Bug Report Logs: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion
Debian Bug report logs - #540865 libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Nico Golde <nion@debianorg> Date: Mon, ...
Ubuntu Security Notice: libxml2 vulnerabilities
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service (CVE-2009-2414) ...
Debian Security Advisories: DSA-1861-1 libxml -- several vulnerabilities
Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library The Common Vulnerabilities and Exposures project identifies the following problems: ...

References

CWE-416http://www.cert.fi/en/reports/2009/vulnerability2009085.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=515205http://www.codenomicon.com/labs/xml/http://www.securityfocus.com/bid/36010http://www.networkworld.com/columnists/2009/080509-xml-flaw.htmlhttp://www.debian.org/security/2009/dsa-1859https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.htmlhttp://www.ubuntu.com/usn/USN-815-1http://secunia.com/advisories/36338https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.htmlhttp://secunia.com/advisories/36417http://secunia.com/advisories/36207http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.htmlhttp://www.vupen.com/english/advisories/2009/2420http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://support.apple.com/kb/HT3937http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.htmlhttp://support.apple.com/kb/HT3949http://www.vupen.com/english/advisories/2009/3184http://www.vupen.com/english/advisories/2009/3217http://www.vupen.com/english/advisories/2009/3316http://secunia.com/advisories/37471http://secunia.com/advisories/37346http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://support.apple.com/kb/HT4225http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlhttp://secunia.com/advisories/36631http://secunia.com/advisories/35036http://www.openoffice.org/security/cves/CVE-2009-2414-2416.htmlhttps://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783http://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.htmlhttps://access.redhat.com/errata/RHSA-2009:1206https://usn.ubuntu.com/815-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook