PT-2010-1062 · Mingw+6 · Mingw32-Libxml2-Debuginfo+8

Juraj Somorovsky · Published 2010-12-07 · Updated 2023-02-13 · CVE-2012-0841

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libxml2 versions prior to 2.8.0
mingw32-libxml2 versions 2.7.6
mingw32-libxml2-debuginfo versions 2.7.6
mingw32-libxml2-static versions 2.7.6

Description

The issue concerns multiple vulnerabilities in the libxml2 package, which can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are related to the computation of hash values without restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a denial of service via crafted XML data. Additionally, the vulnerabilities involve double-free memory issues.

Recommendations

For libxml2 versions prior to 2.8.0, update to version 2.8.0 or later.
For mingw32-libxml2 versions 2.7.6, consider disabling the use of crafted XML data until a patch is available.
For mingw32-libxml2-debuginfo versions 2.7.6, restrict access to sensitive information until a patch is available.
For mingw32-libxml2-static versions 2.7.6, avoid using the vulnerable package until a patch is available.
As a temporary workaround, consider restricting remote access to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Double Free

Weakness Enumeration

Related Identifiers

BDU:2015-06428
BDU:2015-06429
BDU:2015-06430
BDU:2015-08639
BDU:2015-08640
BDU:2015-08641
CESA-2012_0324
CESA-2013_0217
CVE-2012-0841
DSA-2417-1
RHSA-2012:0324
RHSA-2012_0324
RHSA-2013:0217
RHSA-2013_0217
SUSE-SU-2012_0626-1

Affected Products

Centos
Junos
Red Hat
Suse
Itunes
Libxml2
Mingw32-Libxml2
Mingw32-Libxml2-Debuginfo
Mingw32-Libxml2-Static