CVE-2009-2416

Description

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS breakdown

Affected products

• Apple / iphone_os2.0 – 4.0
• Apple / mac_os_x10.4.11
• Apple / mac_os_x_server10.4.11
• Apple / Safari4.0.4
• Canonical / Ubuntu Linux8.04 – 8.04
• Canonical / Ubuntu Linux9.04 – 9.04
• Canonical / Ubuntu Linux8.10 – 8.10
• Canonical / Ubuntu Linux6.06 – 6.06
• Debian / debian_linux4.0 – 4.0
• fedoraproject / fedora11 – 11
• fedoraproject / fedora10 – 10
• Google / Chrome2.0.172.43
• openSUSE / opensuse10.3 – 11.1
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux5.0 – 5.0
• RedHat / enterprise_linux4.0 – 4.0
• sun / openoffice.org2.0.0 – 2.4.3
• SUSE / linux_enterprise11.0 – 11.0
• SUSE / linux_enterprise10.0 – 10.0
• SUSE / linux_enterprise_server9 – 9
• VMware / esx3.0.3 – 3.0.3
• VMware / esx4.0 – 4.0
• VMware / esx3.5 – 3.5
• VMware / ESXi3.5 – 3.5
• VMware / ESXi4.0 – 4.0
• VMware / vCenter Server4.0 – 4.0
• VMware / vma4.0 – 4.0
• xmlsoft / libxml1.8.17 – 1.8.17
• xmlsoft / libxml22.5.10 – 2.5.10
• xmlsoft / libxml22.6.16 – 2.6.16
• xmlsoft / libxml22.6.26 – 2.6.26
• xmlsoft / libxml22.6.27 – 2.6.27
• xmlsoft / libxml22.6.32 – 2.6.32

References

• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-815-1
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/36631
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262
• MISChttp://www.networkworld.com/columnists/2009/080509-xml-flaw.html
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=515205
• MISChttp://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3217
• VENDOR_ADVISORYhttp://secunia.com/advisories/37471
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT4225
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/2420
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
• VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2009-0016.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/36417
• MISChttp://www.cert.fi/en/reports/2009/vulnerability2009085.html
• MISChttp://www.codenomicon.com/labs/xml/
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT3949
• MAILING_LISThttp://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html
• MISChttp://www.securityfocus.com/bid/36010
• MISChttp://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
• MISChttp://www.securityfocus.com/archive/1/507985/100/0/threaded
• MISChttps://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
• VENDOR_ADVISORYhttp://secunia.com/advisories/35036
• VENDOR_ADVISORYhttp://secunia.com/advisories/36338
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3184
• VENDOR_ADVISORYhttp://www.debian.org/security/2009/dsa-1859
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/37346
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3316
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT3937
• VENDOR_ADVISORYhttp://secunia.com/advisories/36207