CVE-2013-2877

EUVD-2013-2816
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 28.0.1500.70
googlechrome
28.0.1500.0
googlechrome
28.0.1500.2
googlechrome
28.0.1500.3
googlechrome
28.0.1500.4
googlechrome
28.0.1500.5
googlechrome
28.0.1500.6
googlechrome
28.0.1500.8
googlechrome
28.0.1500.9
googlechrome
28.0.1500.10
googlechrome
28.0.1500.11
googlechrome
28.0.1500.12
googlechrome
28.0.1500.13
googlechrome
28.0.1500.14
googlechrome
28.0.1500.15
googlechrome
28.0.1500.16
googlechrome
28.0.1500.17
googlechrome
28.0.1500.18
googlechrome
28.0.1500.19
googlechrome
28.0.1500.20
googlechrome
28.0.1500.21
googlechrome
28.0.1500.22
googlechrome
28.0.1500.23
googlechrome
28.0.1500.24
googlechrome
28.0.1500.25
googlechrome
28.0.1500.26
googlechrome
28.0.1500.27
googlechrome
28.0.1500.28
googlechrome
28.0.1500.29
googlechrome
28.0.1500.31
googlechrome
28.0.1500.32
googlechrome
28.0.1500.33
googlechrome
28.0.1500.34
googlechrome
28.0.1500.35
googlechrome
28.0.1500.36
googlechrome
28.0.1500.37
googlechrome
28.0.1500.38
googlechrome
28.0.1500.39
googlechrome
28.0.1500.40
googlechrome
28.0.1500.41
googlechrome
28.0.1500.42
googlechrome
28.0.1500.43
googlechrome
28.0.1500.44
googlechrome
28.0.1500.45
googlechrome
28.0.1500.46
googlechrome
28.0.1500.47
googlechrome
28.0.1500.48
googlechrome
28.0.1500.49
googlechrome
28.0.1500.50
googlechrome
28.0.1500.51
googlechrome
28.0.1500.52
googlechrome
28.0.1500.53
googlechrome
28.0.1500.54
googlechrome
28.0.1500.56
googlechrome
28.0.1500.58
googlechrome
28.0.1500.59
googlechrome
28.0.1500.60
googlechrome
28.0.1500.61
googlechrome
28.0.1500.62
googlechrome
28.0.1500.63
googlechrome
28.0.1500.64
googlechrome
28.0.1500.66
googlechrome
28.0.1500.68
xmlsoftlibxml2
𝑥
≤ 2.9.0
xmlsoftlibxml2
1.7.0
xmlsoftlibxml2
1.7.1
xmlsoftlibxml2
1.7.2
xmlsoftlibxml2
1.7.3
xmlsoftlibxml2
1.7.4
xmlsoftlibxml2
1.8.0
xmlsoftlibxml2
1.8.1
xmlsoftlibxml2
1.8.2
xmlsoftlibxml2
1.8.3
xmlsoftlibxml2
1.8.4
xmlsoftlibxml2
1.8.5
xmlsoftlibxml2
1.8.6
xmlsoftlibxml2
1.8.7
xmlsoftlibxml2
1.8.9
xmlsoftlibxml2
1.8.10
xmlsoftlibxml2
1.8.13
xmlsoftlibxml2
1.8.14
xmlsoftlibxml2
1.8.16
xmlsoftlibxml2
2.0.0
xmlsoftlibxml2
2.1.0
xmlsoftlibxml2
2.1.1
xmlsoftlibxml2
2.2.0
xmlsoftlibxml2
2.2.0:beta
xmlsoftlibxml2
2.2.1
xmlsoftlibxml2
2.2.2
xmlsoftlibxml2
2.2.3
xmlsoftlibxml2
2.2.4
xmlsoftlibxml2
2.2.5
xmlsoftlibxml2
2.2.6
xmlsoftlibxml2
2.2.7
xmlsoftlibxml2
2.2.8
xmlsoftlibxml2
2.2.9
xmlsoftlibxml2
2.2.10
xmlsoftlibxml2
2.2.11
xmlsoftlibxml2
2.3.0
xmlsoftlibxml2
2.3.1
xmlsoftlibxml2
2.3.2
xmlsoftlibxml2
2.3.3
xmlsoftlibxml2
2.3.4
xmlsoftlibxml2
2.3.5
xmlsoftlibxml2
2.3.6
xmlsoftlibxml2
2.3.7
xmlsoftlibxml2
2.3.8
xmlsoftlibxml2
2.3.9
xmlsoftlibxml2
2.3.10
xmlsoftlibxml2
2.3.11
xmlsoftlibxml2
2.3.12
xmlsoftlibxml2
2.3.13
xmlsoftlibxml2
2.3.14
xmlsoftlibxml2
2.4.1
xmlsoftlibxml2
2.4.2
xmlsoftlibxml2
2.4.3
xmlsoftlibxml2
2.4.4
xmlsoftlibxml2
2.4.5
xmlsoftlibxml2
2.4.6
xmlsoftlibxml2
2.4.7
xmlsoftlibxml2
2.4.8
xmlsoftlibxml2
2.4.9
xmlsoftlibxml2
2.4.10
xmlsoftlibxml2
2.4.11
xmlsoftlibxml2
2.4.12
xmlsoftlibxml2
2.4.13
xmlsoftlibxml2
2.4.14
xmlsoftlibxml2
2.4.15
xmlsoftlibxml2
2.4.16
xmlsoftlibxml2
2.4.17
xmlsoftlibxml2
2.4.18
xmlsoftlibxml2
2.4.19
xmlsoftlibxml2
2.4.20
xmlsoftlibxml2
2.4.21
xmlsoftlibxml2
2.4.22
xmlsoftlibxml2
2.4.23
xmlsoftlibxml2
2.4.24
xmlsoftlibxml2
2.4.25
xmlsoftlibxml2
2.4.26
xmlsoftlibxml2
2.4.27
xmlsoftlibxml2
2.4.28
xmlsoftlibxml2
2.4.29
xmlsoftlibxml2
2.4.30
xmlsoftlibxml2
2.5.0
xmlsoftlibxml2
2.5.4
xmlsoftlibxml2
2.5.7
xmlsoftlibxml2
2.5.8
xmlsoftlibxml2
2.5.10
xmlsoftlibxml2
2.5.11
xmlsoftlibxml2
2.6.0
xmlsoftlibxml2
2.6.1
xmlsoftlibxml2
2.6.2
xmlsoftlibxml2
2.6.3
xmlsoftlibxml2
2.6.4
xmlsoftlibxml2
2.6.5
xmlsoftlibxml2
2.6.6
xmlsoftlibxml2
2.6.7
xmlsoftlibxml2
2.6.8
xmlsoftlibxml2
2.6.9
xmlsoftlibxml2
2.6.11
xmlsoftlibxml2
2.6.12
xmlsoftlibxml2
2.6.13
xmlsoftlibxml2
2.6.14
xmlsoftlibxml2
2.6.16
xmlsoftlibxml2
2.6.17
xmlsoftlibxml2
2.6.18
xmlsoftlibxml2
2.6.20
xmlsoftlibxml2
2.6.21
xmlsoftlibxml2
2.6.22
xmlsoftlibxml2
2.6.23
xmlsoftlibxml2
2.6.24
xmlsoftlibxml2
2.6.25
xmlsoftlibxml2
2.6.26
xmlsoftlibxml2
2.6.27
xmlsoftlibxml2
2.6.28
xmlsoftlibxml2
2.6.29
xmlsoftlibxml2
2.6.30
xmlsoftlibxml2
2.6.31
xmlsoftlibxml2
2.6.32
xmlsoftlibxml2
2.7.0
xmlsoftlibxml2
2.7.1
xmlsoftlibxml2
2.7.2
xmlsoftlibxml2
2.7.3
xmlsoftlibxml2
2.7.4
xmlsoftlibxml2
2.7.5
xmlsoftlibxml2
2.7.6
xmlsoftlibxml2
2.7.7
xmlsoftlibxml2
2.7.8
xmlsoftlibxml2
2.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxml2
bookworm
2.9.14+dfsg-1.3~deb12u1
fixed
bullseye
2.9.10+dfsg-6.7+deb11u4
fixed
bullseye (security)
2.9.10+dfsg-6.7+deb11u5
fixed
sid
2.12.7+dfsg+really2.9.14-0.1
fixed
trixie
2.12.7+dfsg+really2.9.14-0.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 28.0.1500.71-0ubuntu1.12.04.1
released
quantal
Fixed 28.0.1500.71-0ubuntu1.12.10.1
released
raring
Fixed 28.0.1500.71-0ubuntu1.13.04.1
released
libxml2
lucid
Fixed 2.7.6.dfsg-1ubuntu1.9
released
precise
Fixed 2.7.8.dfsg-5.1ubuntu4.5
released
quantal
Fixed 2.8.0+dfsg1-5ubuntu2.3
released
raring
Fixed 2.9.0+dfsg1-4ubuntu4.2
released
Common Weakness Enumeration
References
ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/54172
http://secunia.com/advisories/55568
http://www.debian.org/security/2013/dsa-2724
http://www.debian.org/security/2013/dsa-2779
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/61050
http://www.ubuntu.com/usn/USN-1904-1
http://www.ubuntu.com/usn/USN-1904-2
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://code.google.com/p/chromium/issues/detail?id=229019
ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/54172
http://secunia.com/advisories/55568
http://www.debian.org/security/2013/dsa-2724
http://www.debian.org/security/2013/dsa-2779
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/61050
http://www.ubuntu.com/usn/USN-1904-1
http://www.ubuntu.com/usn/USN-1904-2
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://code.google.com/p/chromium/issues/detail?id=229019