PT-2010-5670 · Xmlsoft+7 · Libxml2+7
Huzaifa S. Sidhpurwala · Published 1970-01-01 · Updated 2024-06-15 · CVE-2012-5134
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libxml2 versions prior to 2.9.1
libxml2-2 versions prior to 2.9.1
libxml2-2-32bit versions prior to 2.9.1
libxml2-32bit versions prior to 2.9.1
libxml2-devel versions prior to 2.9.1
libxml2-devel-32bit versions prior to 2.9.1
libxml2-doc versions prior to 2.9.1
libxml2-debuginfo versions prior to 2.9.1
libxml2-debuginfo-32bit versions prior to 2.9.1
libxml2-debuginfo-x86 versions prior to 2.9.1
libxml2-test versions prior to 2.9.1
libxml2-tools versions prior to 2.9.1
libxml2-tools-debuginfo versions prior to 2.9.1
libxml2-x86 versions prior to 2.9.1
mingw32-libxml2-2.7.6
mingw32-libxml2-static-2.7.6
mingw32-libxml2-debuginfo-2.7.6
Description
The issue is a heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, which can be exploited remotely. Crafted entities in an XML document can cause a denial of service or possibly the execution of arbitrary code. The vulnerability can be exploited to compromise the confidentiality, integrity, and availability of protected information.
Recommendations
For libxml2 versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-2 versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-2-32bit versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-32bit versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-devel versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-devel-32bit versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-doc versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-debuginfo versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-debuginfo-32bit versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-debuginfo-x86 versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-test versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-tools versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-tools-debuginfo versions prior to 2.9.1, update to version 2.9.1 or later.
For libxml2-x86 versions prior to 2.9.1, update to version 2.9.1 or later.
For mingw32-libxml2-2.7.6, update to a version that is not vulnerable.
For mingw32-libxml2-static-2.7.6, update to a version that is not vulnerable.
For mingw32-libxml2-debuginfo-2.7.6, update to a version that is not vulnerable.
Fix
DoS
Buffer Overflow
Double Free
Affected Products
ALT Linux
CentOS
Google Chrome
Junos
Red Hat
SUSE
iTunes
libxml2