Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: libxml2, buffer overflow via an entity

September 2008 by Vigil@nce


An attacker can create a malformed XML file in order to create a denial of service or code execution when it is analyzed by libxml2.

Gravity: 3/4

Consequences: user access/rights, denial of service of service

Provenance: document

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 12/09/2008

Identifier: VIGILANCE-VUL-8106


- Mandriva Corporate [confidential versions]
- Mandriva Linux [confidential versions]
- Red Hat Enterprise Linux [confidential versions]
- Unix - plateform


The libxml2 library implements features to handle data in XML format.

An XML file can contain special characters represented as entities, such as "<".

The xmlParseAttValueComplex() function of parser.c file analyzes entities contained in the value of an attribute. The replaceEntities field of the _xmlParserCtxt structure indicates if entities have to be converted or not.

When entities are not converted, and if an entity is unknown, it is simply copied in the output array. However, the array size is not extended to contain this entity.

An attacker can therefore use a long entity in order to generate an overflow leading to a denial of service or to code execution.


Identifiers: 461015, BID-31126, CVE-2008-3529, MDVSA-2008:192, RHSA-2008:0884-01, RHSA-2008:0886-01, VIGILANCE-VUL-8106

See previous articles


See next articles