Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent malicious users to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xmlsoft libxml2 2.6.16 |
||
xmlsoft libxml2 2.6.32 |
||
xmlsoft libxml2 2.6.26 |
||
xmlsoft libxml2 2.6.27 |
||
xmlsoft libxml 1.8.17 |
||
xmlsoft libxml2 2.5.10 |
||
fedoraproject fedora 11 |
||
fedoraproject fedora 10 |
||
debian debian linux 4.0 |
||
redhat enterprise linux 4.0 |
||
redhat enterprise linux 5.0 |
||
redhat enterprise linux 3.0 |
||
canonical ubuntu linux 9.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 6.06 |
||
google chrome |
||
apple mac os x |
||
apple safari |
||
apple mac os x server |
||
apple iphone os |
||
suse linux enterprise server 9 |
||
suse linux enterprise 11.0 |
||
suse linux enterprise 10.0 |
||
opensuse opensuse |
||
vmware esxi 3.5 |
||
vmware esxi 4.0 |
||
vmware esx 3.5 |
||
vmware esx 4.0 |
||
vmware vma 4.0 |
||
vmware esx 3.0.3 |
||
vmware vcenter server 4.0 |
||
sun openoffice.org |