6.8

CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version <= 23.0.1271.89
GoogleChrome Version23.0.1271.0
GoogleChrome Version23.0.1271.1
GoogleChrome Version23.0.1271.2
GoogleChrome Version23.0.1271.3
GoogleChrome Version23.0.1271.4
GoogleChrome Version23.0.1271.5
GoogleChrome Version23.0.1271.6
GoogleChrome Version23.0.1271.7
GoogleChrome Version23.0.1271.8
GoogleChrome Version23.0.1271.10
GoogleChrome Version23.0.1271.11
GoogleChrome Version23.0.1271.12
GoogleChrome Version23.0.1271.13
GoogleChrome Version23.0.1271.14
GoogleChrome Version23.0.1271.15
GoogleChrome Version23.0.1271.16
GoogleChrome Version23.0.1271.17
GoogleChrome Version23.0.1271.18
GoogleChrome Version23.0.1271.19
GoogleChrome Version23.0.1271.20
GoogleChrome Version23.0.1271.21
GoogleChrome Version23.0.1271.22
GoogleChrome Version23.0.1271.23
GoogleChrome Version23.0.1271.24
GoogleChrome Version23.0.1271.26
GoogleChrome Version23.0.1271.30
GoogleChrome Version23.0.1271.31
GoogleChrome Version23.0.1271.32
GoogleChrome Version23.0.1271.33
GoogleChrome Version23.0.1271.35
GoogleChrome Version23.0.1271.36
GoogleChrome Version23.0.1271.37
GoogleChrome Version23.0.1271.38
GoogleChrome Version23.0.1271.39
GoogleChrome Version23.0.1271.40
GoogleChrome Version23.0.1271.41
GoogleChrome Version23.0.1271.44
GoogleChrome Version23.0.1271.45
GoogleChrome Version23.0.1271.46
GoogleChrome Version23.0.1271.49
GoogleChrome Version23.0.1271.50
GoogleChrome Version23.0.1271.51
GoogleChrome Version23.0.1271.52
GoogleChrome Version23.0.1271.53
GoogleChrome Version23.0.1271.54
GoogleChrome Version23.0.1271.55
GoogleChrome Version23.0.1271.56
GoogleChrome Version23.0.1271.57
GoogleChrome Version23.0.1271.58
GoogleChrome Version23.0.1271.60
GoogleChrome Version23.0.1271.61
GoogleChrome Version23.0.1271.62
GoogleChrome Version23.0.1271.64
GoogleChrome Version23.0.1271.83
GoogleChrome Version23.0.1271.84
GoogleChrome Version23.0.1271.85
GoogleChrome Version23.0.1271.86
GoogleChrome Version23.0.1271.87
GoogleChrome Version23.0.1271.88
XmlsoftLibxml2 Version <= 2.9.0
XmlsoftLibxml2 Version1.7.0
XmlsoftLibxml2 Version1.7.1
XmlsoftLibxml2 Version1.7.2
XmlsoftLibxml2 Version1.7.3
XmlsoftLibxml2 Version1.7.4
XmlsoftLibxml2 Version1.8.0
XmlsoftLibxml2 Version1.8.1
XmlsoftLibxml2 Version1.8.2
XmlsoftLibxml2 Version1.8.3
XmlsoftLibxml2 Version1.8.4
XmlsoftLibxml2 Version1.8.5
XmlsoftLibxml2 Version1.8.6
XmlsoftLibxml2 Version1.8.7
XmlsoftLibxml2 Version1.8.9
XmlsoftLibxml2 Version1.8.10
XmlsoftLibxml2 Version1.8.13
XmlsoftLibxml2 Version1.8.14
XmlsoftLibxml2 Version1.8.16
XmlsoftLibxml2 Version2.0.0
XmlsoftLibxml2 Version2.1.0
XmlsoftLibxml2 Version2.1.1
XmlsoftLibxml2 Version2.2.0
XmlsoftLibxml2 Version2.2.0 Updatebeta
XmlsoftLibxml2 Version2.2.1
XmlsoftLibxml2 Version2.2.2
XmlsoftLibxml2 Version2.2.3
XmlsoftLibxml2 Version2.2.4
XmlsoftLibxml2 Version2.2.5
XmlsoftLibxml2 Version2.2.6
XmlsoftLibxml2 Version2.2.7
XmlsoftLibxml2 Version2.2.8
XmlsoftLibxml2 Version2.2.9
XmlsoftLibxml2 Version2.2.10
XmlsoftLibxml2 Version2.2.11
XmlsoftLibxml2 Version2.3.0
XmlsoftLibxml2 Version2.3.1
XmlsoftLibxml2 Version2.3.2
XmlsoftLibxml2 Version2.3.3
XmlsoftLibxml2 Version2.3.4
XmlsoftLibxml2 Version2.3.5
XmlsoftLibxml2 Version2.3.6
XmlsoftLibxml2 Version2.3.7
XmlsoftLibxml2 Version2.3.8
XmlsoftLibxml2 Version2.3.9
XmlsoftLibxml2 Version2.3.10
XmlsoftLibxml2 Version2.3.11
XmlsoftLibxml2 Version2.3.12
XmlsoftLibxml2 Version2.3.13
XmlsoftLibxml2 Version2.3.14
XmlsoftLibxml2 Version2.4.1
XmlsoftLibxml2 Version2.4.2
XmlsoftLibxml2 Version2.4.3
XmlsoftLibxml2 Version2.4.4
XmlsoftLibxml2 Version2.4.5
XmlsoftLibxml2 Version2.4.6
XmlsoftLibxml2 Version2.4.7
XmlsoftLibxml2 Version2.4.8
XmlsoftLibxml2 Version2.4.9
XmlsoftLibxml2 Version2.4.10
XmlsoftLibxml2 Version2.4.11
XmlsoftLibxml2 Version2.4.12
XmlsoftLibxml2 Version2.4.13
XmlsoftLibxml2 Version2.4.14
XmlsoftLibxml2 Version2.4.15
XmlsoftLibxml2 Version2.4.16
XmlsoftLibxml2 Version2.4.17
XmlsoftLibxml2 Version2.4.18
XmlsoftLibxml2 Version2.4.19
XmlsoftLibxml2 Version2.4.20
XmlsoftLibxml2 Version2.4.21
XmlsoftLibxml2 Version2.4.22
XmlsoftLibxml2 Version2.4.23
XmlsoftLibxml2 Version2.4.24
XmlsoftLibxml2 Version2.4.25
XmlsoftLibxml2 Version2.4.26
XmlsoftLibxml2 Version2.4.27
XmlsoftLibxml2 Version2.4.28
XmlsoftLibxml2 Version2.4.29
XmlsoftLibxml2 Version2.4.30
XmlsoftLibxml2 Version2.5.0
XmlsoftLibxml2 Version2.5.4
XmlsoftLibxml2 Version2.5.7
XmlsoftLibxml2 Version2.5.8
XmlsoftLibxml2 Version2.5.10
XmlsoftLibxml2 Version2.5.11
XmlsoftLibxml2 Version2.6.0
XmlsoftLibxml2 Version2.6.1
XmlsoftLibxml2 Version2.6.2
XmlsoftLibxml2 Version2.6.3
XmlsoftLibxml2 Version2.6.4
XmlsoftLibxml2 Version2.6.5
XmlsoftLibxml2 Version2.6.6
XmlsoftLibxml2 Version2.6.7
XmlsoftLibxml2 Version2.6.8
XmlsoftLibxml2 Version2.6.9
XmlsoftLibxml2 Version2.6.11
XmlsoftLibxml2 Version2.6.12
XmlsoftLibxml2 Version2.6.13
XmlsoftLibxml2 Version2.6.14
XmlsoftLibxml2 Version2.6.16
XmlsoftLibxml2 Version2.6.17
XmlsoftLibxml2 Version2.6.18
XmlsoftLibxml2 Version2.6.20
XmlsoftLibxml2 Version2.6.22
XmlsoftLibxml2 Version2.6.26
XmlsoftLibxml2 Version2.6.27
XmlsoftLibxml2 Version2.6.30
XmlsoftLibxml2 Version2.6.32
XmlsoftLibxml2 Version2.7.0
XmlsoftLibxml2 Version2.7.1
XmlsoftLibxml2 Version2.7.2
XmlsoftLibxml2 Version2.7.3
XmlsoftLibxml2 Version2.7.4
XmlsoftLibxml2 Version2.7.5
XmlsoftLibxml2 Version2.7.6
XmlsoftLibxml2 Version2.7.7
XmlsoftLibxml2 Version2.9.0 Updaterc1
AppleiPhone OS Version <= 6.1.4
AppleiPhone OS Version1.0.0
AppleiPhone OS Version1.0.1
AppleiPhone OS Version1.0.2
AppleiPhone OS Version1.1.0
AppleiPhone OS Version1.1.1
AppleiPhone OS Version1.1.2
AppleiPhone OS Version1.1.3
AppleiPhone OS Version1.1.4
AppleiPhone OS Version1.1.5
AppleiPhone OS Version2.0
AppleiPhone OS Version2.0.0
AppleiPhone OS Version2.0.1
AppleiPhone OS Version2.0.2
AppleiPhone OS Version2.1
AppleiPhone OS Version2.1.1
AppleiPhone OS Version2.2
AppleiPhone OS Version2.2.1
AppleiPhone OS Version3.0
AppleiPhone OS Version3.0.1
AppleiPhone OS Version3.1
AppleiPhone OS Version3.1.2
AppleiPhone OS Version3.1.3
AppleiPhone OS Version3.2
AppleiPhone OS Version3.2.1
AppleiPhone OS Version3.2.2
AppleiPhone OS Version4.0
AppleiPhone OS Version4.0.1
AppleiPhone OS Version4.0.2
AppleiPhone OS Version4.1
AppleiPhone OS Version4.2.1
AppleiPhone OS Version4.2.5
AppleiPhone OS Version4.2.8
AppleiPhone OS Version4.3.0
AppleiPhone OS Version4.3.1
AppleiPhone OS Version4.3.2
AppleiPhone OS Version4.3.3
AppleiPhone OS Version4.3.5
AppleiPhone OS Version5.0
AppleiPhone OS Version5.0.1
AppleiPhone OS Version5.1
AppleiPhone OS Version5.1.1
AppleiPhone OS Version6.0
AppleiPhone OS Version6.0.1
AppleiPhone OS Version6.0.2
AppleiPhone OS Version6.1
AppleiPhone OS Version6.1.2
AppleiPhone OS Version6.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.38% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://secunia.com/advisories/55568
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://secunia.com/advisories/54886
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
http://www.securityfocus.com/bid/56684
http://www.securitytracker.com/id?1027815
http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
http://rhn.redhat.com/errata/RHSA-2012-1512.html
http://secunia.com/advisories/51448
http://www.debian.org/security/2012/dsa-2580
http://www.ubuntu.com/usn/USN-1656-1
https://bugzilla.redhat.com/show_bug.cgi?id=880466
https://code.google.com/p/chromium/issues/detail?id=158249
https://exchange.xforce.ibmcloud.com/vulnerabilities/80294