FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml -- Integer overflow

Affected packages
libxml < 1.8.17_5
libxml2 < 2.7.8
linux-f10-libxml2 < 2.7.8


VuXML ID 7be92050-a450-11e2-9898-001060e06fd4
Discovery 2011-09-02
Entry 2011-11-10
Modified 2011-11-12

Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.


CVE Name CVE-2011-1944