CVE-2013-1969

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.1

Description The issue concerns multiple vulnerabilities in the libxml2 package, which can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, use-after-free vulnerabilities in libxml2 might allow attackers to cause a denial of service and possibly execute arbitrary code via vectors related to the htmlParseChunk and xmldecl done functions.

Recommendations For libxml2 versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the htmlParseChunk and xmldecl done functions until a patch is available. Avoid using the xmlBufGetInputBase function in affected API endpoints until the issue is resolved.