CVE 2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
Related bugs and status
CVE-2013-2877 (Candidate) is related to these bugs:
Bug #1194410: Apply upstream patch to close XXE vulnerability in precise
Bug | Summary | In | Importance | Status
---|---|---|---|---
1194410 | Apply upstream patch to close XXE vulnerability in precise | libxml2 (Ubuntu) | Undecided | Fix Released
1194410 | Apply upstream patch to close XXE vulnerability in precise | libxml2 (Ubuntu Lucid) | Medium | Fix Released
1194410 | Apply upstream patch to close XXE vulnerability in precise | libxml2 (Ubuntu Precise) | Medium | Fix Released
1194410 | Apply upstream patch to close XXE vulnerability in precise | libxml2 (Ubuntu Saucy) | Undecided | Fix Released
1194410 | Apply upstream patch to close XXE vulnerability in precise | libxml2 (Ubuntu Quantal) | Medium | Fix Released
1194410 | Apply upstream patch to close XXE vulnerability in precise | libxml2 (Ubuntu Raring) | Undecided | Fix Released
Bug #1199644: Please update to 28.0.1500.71
Bug | Summary | In | Importance | Status
---|---|---|---|---
1199644 | Please update to 28.0.1500.71 | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1201849: libxml2 security update regression
Bug | Summary | In | Importance | Status
---|---|---|---|---
1201849 | libxml2 security update regression | libxml2 (Ubuntu) | Undecided | Invalid
1201849 | libxml2 security update regression | libxml2 (Ubuntu Lucid) | Undecided | Fix Released
1201849 | libxml2 security update regression | libxml2 (Ubuntu Precise) | Undecided | Fix Released
1201849 | libxml2 security update regression | libxml2 (Ubuntu Raring) | Undecided | Fix Released
1201849 | libxml2 security update regression | libxml2 (Ubuntu Quantal) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.