6.8
CVE-2012-5134
- EPSS 4.38%
- Veröffentlicht 28.11.2012 01:55:01
- Zuletzt bearbeitet 16.06.2026 23:46:18
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.38% | 0.9 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://secunia.com/advisories/55568
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://secunia.com/advisories/54886
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
http://www.securityfocus.com/bid/56684
http://www.securitytracker.com/id?1027815
http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
http://rhn.redhat.com/errata/RHSA-2012-1512.html
http://secunia.com/advisories/51448
http://www.debian.org/security/2012/dsa-2580
http://www.ubuntu.com/usn/USN-1656-1
https://bugzilla.redhat.com/show_bug.cgi?id=880466
https://code.google.com/p/chromium/issues/detail?id=158249
https://exchange.xforce.ibmcloud.com/vulnerabilities/80294