FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-2416

This CVE name corresponds to:

Entered Topic
2011-11-10 libxml -- Multiple use-after-free vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-2416
Phase Assigned (20090709)

Description

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

References

Source Reference
BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
MLIST [debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion
MISC http://www.cert.fi/en/reports/2009/vulnerability2009085.html
MISC http://www.codenomicon.com/labs/xml/
MISC http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=515205
CONFIRM http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
CONFIRM http://support.apple.com/kb/HT3937
CONFIRM http://support.apple.com/kb/HT3949
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
CONFIRM http://support.apple.com/kb/HT4225
CONFIRM http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
CONFIRM https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
APPLE APPLE-SA-2009-11-09-1
APPLE APPLE-SA-2009-11-11-1
APPLE APPLE-SA-2010-06-21-1
DEBIAN DSA-1859
FEDORA FEDORA-2009-8491
FEDORA FEDORA-2009-8498
FEDORA FEDORA-2009-8580
SUSE SUSE-SR:2009:015
UBUNTU USN-815-1
BID 36010
OVAL oval:org.mitre.oval:def:7783
OVAL oval:org.mitre.oval:def:9262
SECUNIA 36338
SECUNIA 36207
SECUNIA 36417
SECUNIA 37471
SECUNIA 37346
SECUNIA 35036
SECUNIA 36631
VUPEN ADV-2009-2420
VUPEN ADV-2009-3184
VUPEN ADV-2009-3316
VUPEN ADV-2009-3217