First published: Fri Nov 07 2008(Updated: )
Created <span class=""><a href="attachment.cgi?id=322841&action=diff" name="attach_322841" title="Proposed patch from Drew Yao">attachment 322841</a> <a href="attachment.cgi?id=322841&action=edit" title="Proposed patch from Drew Yao">[details]</a></span> Proposed patch from Drew Yao Description of problem: Drew Yao from Apple Product Security has reported integer overflow leading to memory corruption present in the xmlSAX2Characters() function in the libxml2 library. User could trigger this flaw by providing very large XML file for parsing to the XML parsing library, which would corrupt the memory and might potentially allow arbitrary code execution. Proposed patch: See attachment. Acknowledgements: Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
XMLSoft Libxml | =2.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.