Vigil@nce - libxml2: use after free via parser and HTMLparser
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a freed memory area in parser.c and
HTMLparser.c of libxml2, in order to trigger a denial of service,
and possibly to execute code.
– Impacted products: Fedora, openSUSE, Unix (platform)
– Severity: 2/4
– Creation date: 17/04/2013
DESCRIPTION OF THE VULNERABILITY
The libxml2 library implements an XML parser. Two vulnerabilities
were announced in this parser.
An attacker can use a freed memory area in xmldecl_done() of
parser.c, in order to trigger a denial of service, and possibly to
execute code. [severity:2/4; CVE-2013-1969, CVE-2013-1970-REJECT]
An attacker can use a freed memory area in
xmlParserInputBufferPush() of HTMLparser.c, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
CVE-2013-1969]
An attacker can therefore use a freed memory area in libxml2, in
order to trigger a denial of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libxml2-use-after-free-via-parser-and-HTMLparser-12689