Bug 466238 (CVE-2013-1969) - <dev-libs/libxml2-2.9.1 : Multiple Use-After-Free Vulnerabilities (CVE-2013-1969)
Alias: CVE-2013-1969
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on: CVE-2013-2877
Reported: 2013-04-17 12:43 UTC by Agostino Sarubbo
Modified: 2013-11-10 15:19 UTC
Description Agostino Sarubbo gentoo-dev 2013-04-17 12:43:24 UTC
From ${URL} :

Multiple vulnerabilities have been reported in libxml2, which can be exploited by malicious people 
to potentially compromise an application using the library.

1) A use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed

2) Two use-after-free errors in "xmldecl_done()" can be exploited to dereference already freed 

The vulnerabilities are reported in version 2.9.0. Other versions may also be affected.

Fixed in the git repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
Disclosed by the vendor via a git commit.

Original Advisory

@maintainer(s): after the bump, please say explicitly whether the package is ready for stabilization or not
Comment 1 Agostino Sarubbo gentoo-dev 2013-04-19 07:08:52 UTC
CVE-2013-1970 rejected
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-04-26 11:14:49 UTC
CVE-2013-1969:
  Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other
  versions might allow context-dependent attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via vectors related to
  the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a
  buffer overflow in the xmlBufGetInputBase function.
Comment 3 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-07-12 17:52:51 UTC
This was fixed in >=libxml2-2.9.1, which is being stabilized at bug #476438
Comment 4 Sergey Popov gentoo-dev 2013-08-28 07:40:36 UTC
Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-11-10 15:19:06 UTC
This issue was resolved and addressed in GLSA 201311-06 by GLSA coordinator Sean Amoss (ackle).