PT-2009-1015 · Xml+2 · Libxml2+2

Iankko (+1)

Published: 2009-08-10 · Updated: 2023-02-13 · CVE-2009-2414

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32; libxml version 1.8.17; libxml2 versions prior to 2.7.3.

Description: The issue is a stack consumption vulnerability in libxml2 that allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD. The root cause is unbounded function recursion while parsing those declarations. The vulnerability can be exploited remotely, disrupting the availability of the affected application.

Recommendations: For libxml2 versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, update to version 2.7.3 or later. For libxml version 1.8.17, update to a version later than 1.8.17. For libxml2 versions prior to 2.7.3, update to version 2.7.3 or later. As a temporary workaround, consider restricting the use of the libxml2 library until a patch is available.
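For deployments that cannot update immediately, a pre-parse gate on untrusted documents is a more targeted workaround than disabling the library outright. The following example is added here and is not part of the advisory or of libxml2 itself; it assumes (beyond what the advisory states) that the recursion depth is driven by how deeply parenthesised groups are nested inside element content models in the internal DTD subset, and it uses a constructed limit of 32 nested groups. It only inspects the internal subset, so external DTD loading should stay disabled in the real parser.

```python
import re

# Constructed limit: how many nested content-model groups we tolerate inside
# one <!ELEMENT ...> declaration before refusing to hand the document to the
# XML parser. The number is an assumption chosen for this example, not a value
# taken from libxml2 or from the advisory.
MAX_GROUP_DEPTH = 32

# Matches the internal DTD subset: the bracketed part of <!DOCTYPE root [ ... ]>.
_INTERNAL_SUBSET = re.compile(r"<!DOCTYPE\b[^\[>]*\[(.*?)\]\s*>", re.S)
# Matches each element declaration and captures its content model.
_ELEMENT_DECL = re.compile(r"<!ELEMENT\s+[^\s>]+\s+([^>]*)>", re.S)


def group_depth(content_model: str) -> int:
    """Return the deepest parenthesis nesting in an element content model.

    Raises ValueError on unbalanced parentheses so a malformed declaration is
    rejected rather than silently accepted.
    """
    depth = deepest = 0
    for ch in content_model:
        if ch == "(":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in element content model")
    if depth != 0:
        raise ValueError("unclosed '(' in element content model")
    return deepest


def deepest_element_decl(xml_text: str) -> int:
    """Deepest content-model nesting over all <!ELEMENT> declarations in the
    internal subset; 0 when the document carries no internal DTD subset."""
    m = _INTERNAL_SUBSET.search(xml_text)
    if m is None:
        return 0
    depths = (group_depth(cm) for cm in _ELEMENT_DECL.findall(m.group(1)))
    return max(depths, default=0)


def dtd_is_acceptable(xml_text: str, limit: int = MAX_GROUP_DEPTH) -> bool:
    """Pre-parse gate: True when every element declaration stays within limit.

    Malformed declarations (unbalanced parentheses) are rejected as well.
    """
    try:
        return deepest_element_decl(xml_text) <= limit
    except ValueError:
        return False


def nested_content_model(depth: int) -> str:
    """Build a constructed <!ELEMENT> declaration with `depth` nested groups,
    used only to exercise the check (e.g. depth 3 -> (((a)))).
    """
    return "<!ELEMENT root " + "(" * depth + "a" + ")" * depth + ">"


# Constructed sample documents.
BENIGN_DOC = """<?xml version="1.0"?>
<!DOCTYPE root [
  <!ELEMENT root (a, (b | c)*)>
  <!ELEMENT a (#PCDATA)>
  <!ELEMENT b (#PCDATA)>
  <!ELEMENT c (#PCDATA)>
]>
<root><a>x</a><b>y</b></root>"""

DEEP_DOC = ('<?xml version="1.0"?>\n<!DOCTYPE root [\n  '
            + nested_content_model(500) + "\n]>\n<root/>")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_DOC), ("deep", DEEP_DOC)):
        print(f"{name}: depth={deepest_element_decl(doc)} "
              f"accept={dtd_is_acceptable(doc)}")
```

Run the gate before the document reaches the XML parser and drop anything it rejects; the benign sample passes with a depth of 2, the constructed deep sample is refused. The regex scan is linear in the input and does no recursion itself, so it cannot reproduce the failure mode it screens for.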

Tags: Exploit · Fix · DoS · Buffer Overflow · Use After Free

Related Identifiers

BDU:2015-02612
BDU:2015-02613
BDU:2015-09406
CVE-2009-2414
DSA-1859-1
DSA-1861-1
RHSA-2009:1206
RHSA-2009_1206

Affected Products

Red Hat
Libxml
Libxml2