Two vulnerabilities eliminated in free XML library libxml2
Two vulnerabilities in the free XML library libxml2 threaten the stability of applications based on it. The problems are due to integer overflows in the xmlSAX2Characters and xmlBufferResize functions, and can be exploited to make an application crash or come to a halt when a manipulated XML file is being parsed. One of the vulnerabilities may also be exploited to inject and run malicious code. For that to work, however, the crafted XML file probably has to contain more than two gigabytes.
The errors have been found in version 2.7.2, but other versions are also likely to be affected. The Linux distributors are already providing updated packages. The security advisories say the vulnerabilities were discovered by the Apple Security Team.
See also:
- libxml2 vulnerabilities, security advisory from Ubuntu
- libxml2: integer overflow leading to memory corruption in xmlSAX2Characters, entry in Red Hat bug database
- libxml2: integer overflow leading to infinite loop in xmlBufferResize, entry in Red Hat bug database
(trk)