Libxml2 · CVE-2003-1564
**Name of the Vulnerable Software and Affected Versions**
libxml2 versions prior to 2.5.0
libxml2-devel versions prior to 2.5.0
libxml2-python versions prior to 2.5.0
**Description**
The issue concerns multiple vulnerabilities in the libxml2 package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, libxml2 does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service via a crafted XML document containing a large number of nested entity references. This is also known as the "billion laughs attack."
**Recommendations**
For libxml2 versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.
For libxml2-devel versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.
For libxml2-python versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.
As a temporary workaround, consider restricting the processing of XML documents to prevent the "billion laughs attack" until a patch is available.
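One way to apply the workaround above is to screen untrusted XML before it reaches a vulnerable libxml2 build and refuse any document that declares entities. This is an added example, not code from the advisory or the libxml2 project; it assumes Python's standard-library expat bindings as the screening parser, and the names `screen_xml`, `is_acceptable` and `EntityDeclarationRejected`, the size limit, and the sample documents are constructed for illustration.

```python
import xml.parsers.expat


class EntityDeclarationRejected(ValueError):
    """The document declares or references an entity in its DTD."""


def screen_xml(data: bytes, max_bytes: int = 1_000_000) -> None:
    """Raise if `data` is oversized, malformed, or declares any entity.

    The handlers abort the parse at the declaration itself, so no entity
    is ever expanded by the screening step.
    """
    if len(data) > max_bytes:  # assumed limit; tune per application
        raise ValueError("document exceeds size limit")

    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise EntityDeclarationRejected(f"entity declaration not allowed: {name!r}")

    def on_external_ref(context, base, system_id, public_id):
        raise EntityDeclarationRejected("external entity reference not allowed")

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError(f"not well-formed: {exc}") from exc


def is_acceptable(data: bytes) -> bool:
    """True only if the document may be passed on to the real parser."""
    try:
        screen_xml(data)
    except ValueError:
        return False
    return True


# Constructed samples: a plain document and one with a single harmless entity.
PLAIN = b"<note><to>ops</to></note>"
DECLARES_ENTITY = b'<?xml version="1.0"?><!DOCTYPE note [<!ENTITY a "x">]><note>&a;</note>'

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("declares entity", DECLARES_ENTITY)):
        print(label, "->", "accept" if is_acceptable(doc) else "reject")
```

Rejecting every entity declaration is stricter than detecting nesting, which suits a stopgap; applications that rely on DTD-defined entities need the upgrade instead.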