Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Software | From | Fixed in |
---|---|---|
debian / debian_linux | 4.0 | 4.0.x |
apple / mac_os_x | - | 10.5.7 |
apple / mac_os_x | 10.5.7 | 10.5.7.x |
canonical / ubuntu_linux | 6.06 | 6.06.x |
canonical / ubuntu_linux | 7.04 | 7.04.x |
canonical / ubuntu_linux | 7.10 | 7.10.x |
canonical / ubuntu_linux | 8.04 | 8.04.x |
canonical / ubuntu_linux | 8.10 | 8.10.x |
canonical / ubuntu_linux | 9.04 | 9.04.x |
apple / safari | - | 4.0 |
apple / safari | 3.2.0 | 3.2.3 |
xmlsoft / libxml2 | - | 2.7.0 |
apple / iphone_os | - | 3.0 |