Vigil@nce - libxml2: denial of service via a truncation
July 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a truncated XML file to an application
linked to libxml2 in order to trigger a denial of service.
Impacted products: openSUSE, Unix (platform)
Severity: 1/4
Creation date: 19/07/2013
DESCRIPTION OF THE VULNERABILITY
The libxml2 library implements an XML parser.
However, several libxml2 functions do not check for a premature
end of data. They then try to read past the end of the data, which
stops the application.
An attacker can therefore send a truncated XML file to an
application linked to libxml2 in order to trigger a denial of
service.
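An added example, not libxml2 code and not part of the bulletin: a toy
tag-name scanner in C that puts the unchecked read pattern described above
beside a length-checked version that reports a premature end of data as an
error. The function names, error codes and sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy scanner for illustration; names and error codes are hypothetical. */
enum { SCAN_TRUNCATED = -1, SCAN_MALFORMED = -2, SCAN_TOO_LONG = -3 };

/* Unchecked pattern (shown for contrast, never called here): it assumes a
 * closing '>' always exists, so on truncated input the loop keeps reading
 * past the end of the buffer. */
size_t tag_len_unchecked(const char *p)
{
    size_t n = 0;
    while (p[n] != '>')
        n++;
    return n;
}

/* Checked pattern: every read is guarded by the buffer length, and a
 * premature end of data is reported to the caller as an error.
 * Copies the tag name into out; returns its length or a negative code. */
int read_tag_name(const char *buf, size_t len, char *out, size_t outsz)
{
    size_t i = 1, n = 0;

    if (len == 0)
        return SCAN_TRUNCATED;
    if (buf[0] != '<')
        return SCAN_MALFORMED;
    if (outsz == 0)
        return SCAN_TOO_LONG;
    while (i < len && buf[i] != '>') {
        if (n + 1 >= outsz)          /* keep room for the terminator */
            return SCAN_TOO_LONG;
        out[n++] = buf[i++];
    }
    if (i == len)                    /* data ended before '>' */
        return SCAN_TRUNCATED;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample inputs: one complete tag, one cut off mid-name. */
    const char whole[] = "<config>";
    const char cut[] = { '<', 'c', 'o', 'n' };   /* no '>' and no NUL */
    char name[16];

    printf("whole: %d\n", read_tag_name(whole, sizeof whole - 1, name, sizeof name));
    printf("cut:   %d\n", read_tag_name(cut, sizeof cut, name, sizeof name));
    return 0;
}
```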
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libxml2-denial-of-service-via-a-truncation-13145