PT-2013-1218 · Gentoo Linux · Libxml2

Jan Lieskovsky · Published 2012-11-28 · Updated 2024-06-15 · CVE-2013-0338

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.9.0 and earlier

Description: The issue affects the libxml2 package in Gentoo Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. It can be exploited remotely. Specifically, the problem allows context-dependent attackers to cause a denial of service by consuming CPU and memory resources via a specially crafted XML file. Such a file contains an entity declaration with long replacement text and many references to that entity, a scenario described as "internal entity expansion" with linear complexity.

Recommendations: For libxml2 versions 2.9.0 and earlier, update to version 2.9.1-r1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external XML files to minimize the risk of exploitation. Avoid using the libxml2 package for parsing untrusted XML files until the issue is resolved.
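The description above turns on one quantity: how large the document becomes once every entity reference is substituted, compared with how large it was on the wire. The following stdlib-only Python check, added here as an illustration and not part of the advisory or of libxml2, estimates that expansion before any parser touches the input, so a defender can reject oversized documents up front. The sample documents, the thresholds (`max_ratio`, `max_expanded`) and all function names are constructed for this example; the check deliberately handles only internal general entities, and treats a reference cycle (a well-formedness error) as a rejection rather than something to expand.

```python
"""Pre-parse estimate of internal entity expansion for an XML document.

Added example (not libxml2 code): estimates the size an XML document would
reach after full entity substitution, the quantity that makes the
"long replacement text referenced many times" pattern expensive to parse.
"""
import re

# Internal general entity declarations in the DOCTYPE internal subset:
#   <!ENTITY name "replacement text">   or   <!ENTITY name 'replacement text'>
# Parameter entities (<!ENTITY % ...>) and external entities (SYSTEM/PUBLIC)
# are intentionally not matched: this check covers internal expansion only.
ENTITY_DECL = re.compile(
    r'<!ENTITY\s+([A-Za-z_:][\w.\-:]*)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>'
)
ENTITY_REF = re.compile(r'&([A-Za-z_:][\w.\-:]*);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}   # each expands to one character


def declared_entities(xml_text):
    """Map entity name -> raw replacement text for internal general entities."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return decls


def expanded_length(text, decls, cache, stack=()):
    """Length of `text` after every entity reference in it is fully expanded.

    Entity values that reference other entities are followed recursively and
    memoised in `cache`; a reference cycle is rejected with ValueError.
    """
    total = 0
    last = 0
    for m in ENTITY_REF.finditer(text):
        total += m.start() - last          # literal characters before the reference
        last = m.end()
        name = m.group(1)
        if name in PREDEFINED:
            total += 1
        elif name in decls:
            if name in stack:
                raise ValueError("recursive entity reference: " + name)
            if name not in cache:
                cache[name] = expanded_length(decls[name], decls, cache, stack + (name,))
            total += cache[name]
        else:
            total += m.end() - m.start()   # undeclared reference: counted as written
    return total + (len(text) - last)


def content_after_doctype(xml_text):
    """Return the document content, i.e. everything after the DOCTYPE (if any)."""
    m = re.search(r'<!DOCTYPE\b', xml_text)
    if not m:
        return xml_text
    gt = xml_text.find('>', m.end())
    lb = xml_text.find('[', m.end())
    if lb != -1 and (gt == -1 or lb < gt):          # DOCTYPE with an internal subset
        end = xml_text.find(']>', lb)
        return xml_text[end + 2:] if end != -1 else ""
    return xml_text[gt + 1:] if gt != -1 else ""


def expansion_estimate(xml_text):
    """Return (expanded_bytes, ratio): size after substitution and its ratio to the input."""
    decls = declared_entities(xml_text)
    body = content_after_doctype(xml_text)
    expanded = expanded_length(body, decls, {})
    return expanded, expanded / max(len(xml_text), 1)


def exceeds_expansion_limit(xml_text, max_ratio=10.0, max_expanded=10_000_000):
    """True when full substitution would exceed either constructed threshold."""
    expanded, ratio = expansion_estimate(xml_text)
    return ratio > max_ratio or expanded > max_expanded


# Constructed sample documents for the demonstration.
BENIGN = ('<?xml version="1.0"?><!DOCTYPE n [<!ENTITY co "Example Co.">]>'
          '<n>&co; &amp; &co;</n>')
# The shape the advisory describes, kept deliberately small: one 100-character
# replacement text referenced 100 times.
LINEAR = ('<?xml version="1.0"?><!DOCTYPE n [<!ENTITY big "' + 'A' * 100 + '">]>'
          '<n>' + '&big;' * 100 + '</n>')
CYCLIC = '<!DOCTYPE n [<!ENTITY a "&b;"><!ENTITY b "&a;">]><n>&a;</n>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("linear", LINEAR)):
        expanded, ratio = expansion_estimate(doc)
        print(f"{label}: {len(doc)} bytes in, {expanded} after expansion, "
              f"ratio {ratio:.1f}, reject={exceeds_expansion_limit(doc)}")
```

The ratio is the useful signal: a document whose substituted size is an order of magnitude larger than its wire size is doing almost nothing but expansion, and a fixed byte cap on top of it bounds the absolute work a parser would be asked to do. The estimate is conservative by design; it does not parse the document, so a syntactically invalid input is still simply rejected or passed to the real parser with its own limits in place.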

Tags: Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2345
BDU:2015-09713
CESA-2013_0581
CVE-2013-0338
DSA-2652-1
OPENSUSE-SU-2024:10192-1
RHSA-2013:0581
RHSA-2013_0581
SUSE-SU-2013_0743-1
SUSE-SU-2013_0744-1

Affected Products

Alt Linux
Centos
Junos
Red Hat
Suse
Libxml2