PT-2014-1834 · Xmlsoft+5 · Libxml2+5
Felix Groebert
Published 2014-05-07 · Updated 2026-03-13
CVE-2014-0191
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libxml2 versions prior to 2.9.2
libxml2-devel version 2.7.6
libxml2-static version 2.7.6
libxml2-debuginfo version 2.7.6
Description
The issue is related to the xmlParserHandlePEReference function in parser.c in libxml2, which loads external parameter entities regardless of whether entity substitution or validation is enabled. This allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. The vulnerability can be exploited remotely and may lead to disruption of confidentiality, integrity, and availability of protected information.
Recommendations
For libxml2 versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.
For libxml2-devel version 2.7.6, consider disabling the xmlParserHandlePEReference function as a temporary workaround until a patch is available.
For libxml2-static version 2.7.6, restrict access to the vulnerable module to minimize the risk of exploitation.
For libxml2-debuginfo version 2.7.6, avoid using the vulnerable xmlParserHandlePEReference function in the affected API endpoint until the issue is resolved.
Fix
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Centos
Ibm Aix
Red Hat
Suse
Ubuntu
Libxml2