CVE-2011-1944 : Detail

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 35810

Publication date : 2011-05-30 22h00 +00:00
Author : Chris Evans
EDB Verified : Yes

Products Mentioned

Configuraton 0

Xmlsoft>>Libxml2 >> Version 2.6.0

Xmlsoft>>Libxml2 >> Version 2.6.1

Xmlsoft>>Libxml2 >> Version 2.6.2

Xmlsoft>>Libxml2 >> Version 2.6.3

Xmlsoft>>Libxml2 >> Version 2.6.4

Xmlsoft>>Libxml2 >> Version 2.6.5

Xmlsoft>>Libxml2 >> Version 2.6.6

Xmlsoft>>Libxml2 >> Version 2.6.7

Xmlsoft>>Libxml2 >> Version 2.6.8

Xmlsoft>>Libxml2 >> Version 2.6.9

Xmlsoft>>Libxml2 >> Version 2.6.11

Xmlsoft>>Libxml2 >> Version 2.6.12

Xmlsoft>>Libxml2 >> Version 2.6.13

Xmlsoft>>Libxml2 >> Version 2.6.14

Xmlsoft>>Libxml2 >> Version 2.6.16

Xmlsoft>>Libxml2 >> Version 2.6.17

Xmlsoft>>Libxml2 >> Version 2.6.18

Xmlsoft>>Libxml2 >> Version 2.6.20

Xmlsoft>>Libxml2 >> Version 2.6.22

Xmlsoft>>Libxml2 >> Version 2.6.26

Xmlsoft>>Libxml2 >> Version 2.6.27

Xmlsoft>>Libxml2 >> Version 2.6.30

Xmlsoft>>Libxml2 >> Version 2.6.32

Configuraton 0

Xmlsoft>>Libxml2 >> Version 2.7.0

Xmlsoft>>Libxml2 >> Version 2.7.1

Xmlsoft>>Libxml2 >> Version 2.7.2

Xmlsoft>>Libxml2 >> Version 2.7.3

Xmlsoft>>Libxml2 >> Version 2.7.4

Xmlsoft>>Libxml2 >> Version 2.7.5

Xmlsoft>>Libxml2 >> Version 2.7.6

Xmlsoft>>Libxml2 >> Version 2.7.7

Xmlsoft>>Libxml2 >> Version 2.7.8

Configuraton 0

Xmlsoft>>Libxml >> Version To (including) 1.8.16

Xmlsoft>>Libxml >> Version 1.5.0

Xmlsoft>>Libxml >> Version 1.6.0

Xmlsoft>>Libxml >> Version 1.6.1

Xmlsoft>>Libxml >> Version 1.6.2

Xmlsoft>>Libxml >> Version 1.7.0

Xmlsoft>>Libxml >> Version 1.7.1

Xmlsoft>>Libxml >> Version 1.7.2

Xmlsoft>>Libxml >> Version 1.7.3

Xmlsoft>>Libxml >> Version 1.7.4

Xmlsoft>>Libxml >> Version 1.8.0

Xmlsoft>>Libxml >> Version 1.8.1

Xmlsoft>>Libxml >> Version 1.8.2

Xmlsoft>>Libxml >> Version 1.8.3

Xmlsoft>>Libxml >> Version 1.8.4

Xmlsoft>>Libxml >> Version 1.8.5

Xmlsoft>>Libxml >> Version 1.8.6

Xmlsoft>>Libxml >> Version 1.8.7

Xmlsoft>>Libxml >> Version 1.8.8

Xmlsoft>>Libxml >> Version 1.8.9

Xmlsoft>>Libxml >> Version 1.8.10

Xmlsoft>>Libxml >> Version 1.8.11

Xmlsoft>>Libxml >> Version 1.8.12

Xmlsoft>>Libxml >> Version 1.8.13

Xmlsoft>>Libxml >> Version 1.8.14

Xmlsoft>>Libxml >> Version 1.8.15

References