CVE-2009-2416

EPSS 0.19%
Published 11.08.2009 18:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Affected products Warnungen 0 Metrics 4 CWE 1 References 39

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml Version1.8.17

Xmlsoft ≫ Libxml2 Version2.5.10

Xmlsoft ≫ Libxml2 Version2.6.16

Xmlsoft ≫ Libxml2 Version2.6.26

Xmlsoft ≫ Libxml2 Version2.6.27

Xmlsoft ≫ Libxml2 Version2.6.32

Fedoraproject ≫ Fedora Version10

Fedoraproject ≫ Fedora Version11

Debian ≫ Debian Linux Version4.0

Redhat ≫ Enterprise Linux Version3.0

Redhat ≫ Enterprise Linux Version4.0

Redhat ≫ Enterprise Linux Version5.0

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Google ≫ Chrome Version < 2.0.172.43

Apple ≫ Safari Version < 4.0.4

Apple ≫ iPhone OS Version >= 2.0 < 4.0

Apple ≫ macOS X Version < 10.4.11

Apple ≫ macOS X Version >= 10.5.0 < 10.5.8

Apple ≫ macOS X Version >= 10.6.0 < 10.6.2

Apple ≫ macOS X Server Version < 10.4.11

Apple ≫ macOS X Server Version >= 10.5.0 < 10.5.8

Apple ≫ macOS X Server Version >= 10.6.0 < 10.6.2

Opensuse ≫ Opensuse Version >= 10.3 <= 11.1

Suse ≫ Linux Enterprise Version10.0 Update-

Suse ≫ Linux Enterprise Version11.0 Update-

Suse ≫ Linux Enterprise Server Version9

VMware ≫ Vcenter Server Version4.0 Update-

VMware ≫ Vma Version4.0

VMware ≫ Esx Version3.0.3

VMware ≫ Esx Version3.5

VMware ≫ Esx Version4.0

VMware ≫ ESXi Version3.5

VMware ≫ ESXi Version4.0

Sun ≫ Openoffice.Org Version >= 2.0.0 < 2.4.3

Sun ≫ Openoffice.Org Version >= 3.0.0 < 3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.414

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://secunia.com/advisories/37471

Broken Link

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Third Party Advisory

http://www.vupen.com/english/advisories/2009/3316

Broken Link

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Mailing List