CVE-2011-1944

Name of the Vulnerable Software and Affected Versions libxml2 versions 2.6.x through 2.6.32 libxml2 versions 2.7.x through 2.7.8 libxml version 1.8.16 and earlier

Description The issue is related to an integer overflow in the xpath.c file of libxml2, which can cause a denial of service (crash) and possibly allow the execution of arbitrary code via a crafted XML file. This is due to a heap-based buffer overflow when adding a new namespace node, related to the handling of XPath expressions. The vulnerability can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For libxml2 versions 2.6.x through 2.6.32, update to a version later than 2.6.32. For libxml2 versions 2.7.x through 2.7.8, update to a version later than 2.7.8. For libxml version 1.8.16 and earlier, update to a version later than 1.8.16. As a temporary workaround, consider restricting the use of the vulnerable libxml2 library until a patch is available. Avoid using the library for parsing untrusted XML files until the issue is resolved.