In association with heise online

19 November 2008, 15:52

Two vulnerabilities eliminated in free XML library libxml2


Two vulnerabilities in the free XML library libxml2 threaten the stability of applications that use it. Both are integer overflows, in the xmlSAX2Characters and xmlBufferResize functions, and can be exploited to make an application crash or come to a halt when it parses a manipulated XML file. One of the vulnerabilities may also be exploited to inject and run malicious code. For that to work, however, the crafted XML file probably has to be larger than two gigabytes.
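The following is an added illustration, not libxml2's code and not part of the original report: a buffer-growth length computation of the kind that overflows once input approaches two gigabytes, beside a checked form that rejects the request. The struct, the function names, the signed 32-bit lengths and the GROW_SLACK headroom are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GROW_SLACK 10  /* hypothetical headroom added per resize (assumption) */

struct buf { char *data; int32_t used; int32_t size; };

/* Unchecked computation. The sum is done in uint32_t so this demo has no
 * undefined behaviour; converting back to int32_t wraps to a negative
 * value on two's-complement compilers such as gcc and clang. */
static int32_t unchecked_new_size(int32_t used, int32_t extra)
{
    uint32_t sum = (uint32_t)used + (uint32_t)extra + GROW_SLACK;
    return (int32_t)sum;
}

/* Checked computation: returns 0 and stores the size in *out, or -1 when
 * used + extra + GROW_SLACK cannot be represented in an int32_t. */
static int checked_new_size(int32_t used, int32_t extra, int32_t *out)
{
    if (used < 0 || extra < 0) return -1;
    if (extra > INT32_MAX - GROW_SLACK) return -1;
    if (used > INT32_MAX - GROW_SLACK - extra) return -1;
    *out = used + extra + GROW_SLACK;
    return 0;
}

/* Append len bytes, growing via the checked computation.
 * Returns -1 and leaves the buffer unchanged if the size is invalid
 * or the allocation fails. */
static int buf_append(struct buf *b, const char *src, int32_t len)
{
    int32_t need;
    if (checked_new_size(b->used, len, &need) != 0) return -1;
    if (need > b->size) {
        char *p = realloc(b->data, (size_t)need);
        if (p == NULL) return -1;
        b->data = p;
        b->size = need;
    }
    memcpy(b->data + b->used, src, (size_t)len);
    b->used += len;
    return 0;
}
```

With `used` just below INT32_MAX, the unchecked form yields a negative size that a later allocation or copy would misinterpret, while the checked form fails the append before any memory is touched.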

The errors were found in version 2.7.2, but other versions are also likely to be affected. Linux distributors are already providing updated packages. According to the security advisories, the vulnerabilities were discovered by the Apple Security Team.
