PT-2013-1167 · Xmlsoft+5 · Libxml2+5

Published 2013-07-10 · Updated 2026-03-13 · CVE-2013-2877

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libxml2 versions prior to 2.9.0
libxml2 versions 2.7.6

Description

The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state in parser.c. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely.

Recommendations

For libxml2 versions 2.7.6, consider updating to a version prior to 2.9.0 to mitigate the risk. For libxml2 versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the parser.c function until a patch is available.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2345
BDU:2015-06384
BDU:2015-06385
BDU:2015-06387
BDU:2015-06389
BDU:2015-09022
BDU:2015-09023
BDU:2015-09024
BDU:2015-09025
BDU:2015-09713
CESA-2014_0513
CVE-2013-2877
DSA-2724-1
DSA-2779-1
MGASA-2013-0218
OPENSUSE-SU-2024:10549-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2014:0513
RHSA-2014_0513
SUSE-SU-2014_0150-1

Affected Products

Alt Linux
Centos
Junos
Red Hat
Suse
Libxml2