CVE-2013-2877

EPSS 1.05%
Published 10.07.2013 10:55:02
Last modified 11.04.2025 00:51:21
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 28.0.1500.70

Google ≫ Chrome Version28.0.1500.0

Google ≫ Chrome Version28.0.1500.2

Google ≫ Chrome Version28.0.1500.3

Google ≫ Chrome Version28.0.1500.4

Google ≫ Chrome Version28.0.1500.5

Google ≫ Chrome Version28.0.1500.6

Google ≫ Chrome Version28.0.1500.8

Google ≫ Chrome Version28.0.1500.9

Google ≫ Chrome Version28.0.1500.10

Google ≫ Chrome Version28.0.1500.11

Google ≫ Chrome Version28.0.1500.12

Google ≫ Chrome Version28.0.1500.13

Google ≫ Chrome Version28.0.1500.14

Google ≫ Chrome Version28.0.1500.15

Google ≫ Chrome Version28.0.1500.16

Google ≫ Chrome Version28.0.1500.17

Google ≫ Chrome Version28.0.1500.18

Google ≫ Chrome Version28.0.1500.19

Google ≫ Chrome Version28.0.1500.20

Google ≫ Chrome Version28.0.1500.21

Google ≫ Chrome Version28.0.1500.22

Google ≫ Chrome Version28.0.1500.23

Google ≫ Chrome Version28.0.1500.24

Google ≫ Chrome Version28.0.1500.25

Google ≫ Chrome Version28.0.1500.26

Google ≫ Chrome Version28.0.1500.27

Google ≫ Chrome Version28.0.1500.28

Google ≫ Chrome Version28.0.1500.29

Google ≫ Chrome Version28.0.1500.31

Google ≫ Chrome Version28.0.1500.32

Google ≫ Chrome Version28.0.1500.33

Google ≫ Chrome Version28.0.1500.34

Google ≫ Chrome Version28.0.1500.35

Google ≫ Chrome Version28.0.1500.36

Google ≫ Chrome Version28.0.1500.37

Google ≫ Chrome Version28.0.1500.38

Google ≫ Chrome Version28.0.1500.39

Google ≫ Chrome Version28.0.1500.40

Google ≫ Chrome Version28.0.1500.41

Google ≫ Chrome Version28.0.1500.42

Google ≫ Chrome Version28.0.1500.43

Google ≫ Chrome Version28.0.1500.44

Google ≫ Chrome Version28.0.1500.45

Google ≫ Chrome Version28.0.1500.46

Google ≫ Chrome Version28.0.1500.47

Google ≫ Chrome Version28.0.1500.48

Google ≫ Chrome Version28.0.1500.49

Google ≫ Chrome Version28.0.1500.50

Google ≫ Chrome Version28.0.1500.51

Google ≫ Chrome Version28.0.1500.52

Google ≫ Chrome Version28.0.1500.53

Google ≫ Chrome Version28.0.1500.54

Google ≫ Chrome Version28.0.1500.56

Google ≫ Chrome Version28.0.1500.58

Google ≫ Chrome Version28.0.1500.59

Google ≫ Chrome Version28.0.1500.60

Google ≫ Chrome Version28.0.1500.61

Google ≫ Chrome Version28.0.1500.62

Google ≫ Chrome Version28.0.1500.63

Google ≫ Chrome Version28.0.1500.64

Google ≫ Chrome Version28.0.1500.66

Google ≫ Chrome Version28.0.1500.68

Xmlsoft ≫ Libxml2 Updaterc1 Version <= 2.9.0

Xmlsoft ≫ Libxml2 Version1.7.0

Xmlsoft ≫ Libxml2 Version1.7.1

Xmlsoft ≫ Libxml2 Version1.7.2

Xmlsoft ≫ Libxml2 Version1.7.3

Xmlsoft ≫ Libxml2 Version1.7.4

Xmlsoft ≫ Libxml2 Version1.8.0

Xmlsoft ≫ Libxml2 Version1.8.1

Xmlsoft ≫ Libxml2 Version1.8.2

Xmlsoft ≫ Libxml2 Version1.8.3

Xmlsoft ≫ Libxml2 Version1.8.4

Xmlsoft ≫ Libxml2 Version1.8.5

Xmlsoft ≫ Libxml2 Version1.8.6

Xmlsoft ≫ Libxml2 Version1.8.7

Xmlsoft ≫ Libxml2 Version1.8.9

Xmlsoft ≫ Libxml2 Version1.8.10

Xmlsoft ≫ Libxml2 Version1.8.13

Xmlsoft ≫ Libxml2 Version1.8.14

Xmlsoft ≫ Libxml2 Version1.8.16

Xmlsoft ≫ Libxml2 Version2.0.0

Xmlsoft ≫ Libxml2 Version2.1.0

Xmlsoft ≫ Libxml2 Version2.1.1

Xmlsoft ≫ Libxml2 Version2.2.0

Xmlsoft ≫ Libxml2 Version2.2.0 Updatebeta

Xmlsoft ≫ Libxml2 Version2.2.1

Xmlsoft ≫ Libxml2 Version2.2.2

Xmlsoft ≫ Libxml2 Version2.2.3

Xmlsoft ≫ Libxml2 Version2.2.4

Xmlsoft ≫ Libxml2 Version2.2.5

Xmlsoft ≫ Libxml2 Version2.2.6

Xmlsoft ≫ Libxml2 Version2.2.7

Xmlsoft ≫ Libxml2 Version2.2.8

Xmlsoft ≫ Libxml2 Version2.2.9

Xmlsoft ≫ Libxml2 Version2.2.10

Xmlsoft ≫ Libxml2 Version2.2.11

Xmlsoft ≫ Libxml2 Version2.3.0

Xmlsoft ≫ Libxml2 Version2.3.1

Xmlsoft ≫ Libxml2 Version2.3.2

Xmlsoft ≫ Libxml2 Version2.3.3

Xmlsoft ≫ Libxml2 Version2.3.4

Xmlsoft ≫ Libxml2 Version2.3.5

Xmlsoft ≫ Libxml2 Version2.3.6

Xmlsoft ≫ Libxml2 Version2.3.7

Xmlsoft ≫ Libxml2 Version2.3.8

Xmlsoft ≫ Libxml2 Version2.3.9

Xmlsoft ≫ Libxml2 Version2.3.10

Xmlsoft ≫ Libxml2 Version2.3.11

Xmlsoft ≫ Libxml2 Version2.3.12

Xmlsoft ≫ Libxml2 Version2.3.13

Xmlsoft ≫ Libxml2 Version2.3.14

Xmlsoft ≫ Libxml2 Version2.4.1

Xmlsoft ≫ Libxml2 Version2.4.2

Xmlsoft ≫ Libxml2 Version2.4.3

Xmlsoft ≫ Libxml2 Version2.4.4

Xmlsoft ≫ Libxml2 Version2.4.5

Xmlsoft ≫ Libxml2 Version2.4.6

Xmlsoft ≫ Libxml2 Version2.4.7

Xmlsoft ≫ Libxml2 Version2.4.8

Xmlsoft ≫ Libxml2 Version2.4.9

Xmlsoft ≫ Libxml2 Version2.4.10

Xmlsoft ≫ Libxml2 Version2.4.11

Xmlsoft ≫ Libxml2 Version2.4.12

Xmlsoft ≫ Libxml2 Version2.4.13

Xmlsoft ≫ Libxml2 Version2.4.14

Xmlsoft ≫ Libxml2 Version2.4.15

Xmlsoft ≫ Libxml2 Version2.4.16

Xmlsoft ≫ Libxml2 Version2.4.17

Xmlsoft ≫ Libxml2 Version2.4.18

Xmlsoft ≫ Libxml2 Version2.4.19

Xmlsoft ≫ Libxml2 Version2.4.20

Xmlsoft ≫ Libxml2 Version2.4.21

Xmlsoft ≫ Libxml2 Version2.4.22

Xmlsoft ≫ Libxml2 Version2.4.23

Xmlsoft ≫ Libxml2 Version2.4.24

Xmlsoft ≫ Libxml2 Version2.4.25

Xmlsoft ≫ Libxml2 Version2.4.26

Xmlsoft ≫ Libxml2 Version2.4.27

Xmlsoft ≫ Libxml2 Version2.4.28

Xmlsoft ≫ Libxml2 Version2.4.29

Xmlsoft ≫ Libxml2 Version2.4.30

Xmlsoft ≫ Libxml2 Version2.5.0

Xmlsoft ≫ Libxml2 Version2.5.4

Xmlsoft ≫ Libxml2 Version2.5.7

Xmlsoft ≫ Libxml2 Version2.5.8

Xmlsoft ≫ Libxml2 Version2.5.10

Xmlsoft ≫ Libxml2 Version2.5.11

Xmlsoft ≫ Libxml2 Version2.6.0

Xmlsoft ≫ Libxml2 Version2.6.1

Xmlsoft ≫ Libxml2 Version2.6.2

Xmlsoft ≫ Libxml2 Version2.6.3

Xmlsoft ≫ Libxml2 Version2.6.4

Xmlsoft ≫ Libxml2 Version2.6.5

Xmlsoft ≫ Libxml2 Version2.6.6

Xmlsoft ≫ Libxml2 Version2.6.7

Xmlsoft ≫ Libxml2 Version2.6.8

Xmlsoft ≫ Libxml2 Version2.6.9

Xmlsoft ≫ Libxml2 Version2.6.11

Xmlsoft ≫ Libxml2 Version2.6.12

Xmlsoft ≫ Libxml2 Version2.6.13

Xmlsoft ≫ Libxml2 Version2.6.14

Xmlsoft ≫ Libxml2 Version2.6.16

Xmlsoft ≫ Libxml2 Version2.6.17

Xmlsoft ≫ Libxml2 Version2.6.18

Xmlsoft ≫ Libxml2 Version2.6.20

Xmlsoft ≫ Libxml2 Version2.6.21

Xmlsoft ≫ Libxml2 Version2.6.22

Xmlsoft ≫ Libxml2 Version2.6.23

Xmlsoft ≫ Libxml2 Version2.6.24

Xmlsoft ≫ Libxml2 Version2.6.25

Xmlsoft ≫ Libxml2 Version2.6.26

Xmlsoft ≫ Libxml2 Version2.6.27

Xmlsoft ≫ Libxml2 Version2.6.28

Xmlsoft ≫ Libxml2 Version2.6.29

Xmlsoft ≫ Libxml2 Version2.6.30

Xmlsoft ≫ Libxml2 Version2.6.31

Xmlsoft ≫ Libxml2 Version2.6.32

Xmlsoft ≫ Libxml2 Version2.7.0

Xmlsoft ≫ Libxml2 Version2.7.1

Xmlsoft ≫ Libxml2 Version2.7.2

Xmlsoft ≫ Libxml2 Version2.7.3

Xmlsoft ≫ Libxml2 Version2.7.4

Xmlsoft ≫ Libxml2 Version2.7.5

Xmlsoft ≫ Libxml2 Version2.7.6

Xmlsoft ≫ Libxml2 Version2.7.7

Xmlsoft ≫ Libxml2 Version2.7.8

Xmlsoft ≫ Libxml2 Version2.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.05%	0.768

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

http://secunia.com/advisories/55568

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html

http://www.debian.org/security/2013/dsa-2724

ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz

http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1

http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html

http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html