CVE-2009-2416
EUVD-2009-241211.08.2009, 18:30
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| xmlsoft | libxml | 1.8.17 |
| xmlsoft | libxml2 | 2.5.10 |
| xmlsoft | libxml2 | 2.6.16 |
| xmlsoft | libxml2 | 2.6.26 |
| xmlsoft | libxml2 | 2.6.27 |
| xmlsoft | libxml2 | 2.6.32 |
| debian | debian_linux | 4.0 |
| redhat | enterprise_linux | 3.0 |
| redhat | enterprise_linux | 4.0 |
| redhat | enterprise_linux | 5.0 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 8.10 |
| canonical | ubuntu_linux | 9.04 |
| chrome | 𝑥 < 2.0.172.43 | |
| apple | safari | 𝑥 < 4.0.4 |
| apple | iphone_os | 2.0 ≤ 𝑥 < 4.0 |
| apple | mac_os_x | 𝑥 < 10.4.11 |
| apple | mac_os_x | 10.5.0 ≤ 𝑥 < 10.5.8 |
| apple | mac_os_x | 10.6.0 ≤ 𝑥 < 10.6.2 |
| apple | mac_os_x_server | 𝑥 < 10.4.11 |
| apple | mac_os_x_server | 10.5.0 ≤ 𝑥 < 10.5.8 |
| apple | mac_os_x_server | 10.6.0 ≤ 𝑥 < 10.6.2 |
| opensuse | opensuse | 10.3 ≤ 𝑥 ≤ 11.1 |
| suse | linux_enterprise | 10.0 |
| suse | linux_enterprise | 11.0 |
| vmware | vcenter_server | 4.0 |
| vmware | vma | 4.0 |
| vmware | esx | 3.0.3 |
| vmware | esx | 3.5 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esxi | 4.0 |
| sun | openoffice.org | 2.0.0 ≤ 𝑥 < 2.4.3 |
| sun | openoffice.org | 3.0.0 ≤ 𝑥 < 3.1.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libxml |
| ||||||||||||
| libxml2 |
|
Common Weakness Enumeration
References