First published: Mon Jun 05 2017
A heap-based buffer overflow caused by incorrect casting was found in the xmlValidateOneNamespace function of libxml2.
Upstream bug (private at this moment): https://bugzilla.gnome.org/show_bug.cgi?id=780228
Oss-fuzz bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=598
Android patch: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc
References: https://source.android.com/security/bulletin/2017-06-01#libraries
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libxml | <2.9.5 | 2.9.5 |
debian/libxml2 | 2.9.4+dfsg1-7+deb10u4 2.9.4+dfsg1-7+deb10u6 2.9.10+dfsg-6.7+deb11u4 2.9.14+dfsg-1.3~deb12u1 2.9.14+dfsg-1.3 | |
Google Android | =4.4.4 | |
Google Android | =5.0.2 | |
Google Android | =5.1.1 | |
Google Android | =6.0 | |
Google Android | =6.0.1 | |
Google Android | =7.0 | |
Google Android | =7.1.1 | |
Google Android | =7.1.2 | |