
Debian 9 Stretch: DLA-2369-1 Critical: Libxml2 Buffer Overflow Fix

Debian LTS advisory, published September 9, 2020
The Debian LTS team has rolled out a security patch for libxml2 addressing various vulnerabilities. It is crucial to update this package promptly to maintain your system’s security.
Several security vulnerabilities were corrected in libxml2, the GNOME XML library.

Summary

CVE-2017-8872

Global buffer-overflow in the htmlParseTryOrFinish function.

CVE-2017-18258

The xz_head function in libxml2 allows remote attackers to cause a
denial of service (memory consumption) via a crafted LZMA file,
because the decoder functionality does not restrict memory usage to
what is required for a legitimate file.

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an
invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
Applications processing untrusted XSL format inputs may be
vulnerable to a denial of service attack.

CVE-2018-14567

If libxml2 is built with the --with-lzma option, it allows remote attackers to
cause a denial of service (infinite loop) via a crafted XML file.

CVE-2019-19956

The xmlParseBalancedChunkMemoryRecover function has a memory leak
related to newDoc->oldNs.

CVE-2019-20388

Severity: Critical

Package: libxml2
Version: 2.9.4+dfsg1-2.2+deb9u3
CVE ID: CVE-2017-8872 CVE-2017-18258 CVE-2018-14404
Debian Bug: 895245 862450 949583 969529 949582
