FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-5134

This CVE name corresponds to:

Entered Topic
2012-11-27 chromium -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-5134
Phase Assigned (20120924)

Description

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

References

Source Reference
CONFIRM http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
CONFIRM http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=880466
CONFIRM https://code.google.com/p/chromium/issues/detail?id=158249
CONFIRM http://support.apple.com/kb/HT5934
CONFIRM http://support.apple.com/kb/HT6001
APPLE APPLE-SA-2013-09-18-2
APPLE APPLE-SA-2013-10-22-8
DEBIAN DSA-2580
MANDRIVA MDVSA-2013:056
REDHAT RHSA-2012:1512
REDHAT RHSA-2013:0217
SUSE openSUSE-SU-2012:1637
SUSE openSUSE-SU-2013:0178
SUSE SUSE-SU-2013:1627
UBUNTU USN-1656-1
BID 56684
SECTRACK 1027815
SECUNIA 51448
SECUNIA 54886
SECUNIA 55568
XF google-libxml-buffer-underflow(80294)