Use-After-Free Vulnerabilities in libxml2 and libxml Products
CVE-2009-2416

6.5 MEDIUM

Key Information:

Vendor: Xmlsoft
CVE Published: 11 August 2009

What is CVE-2009-2416?

Multiple use-after-free vulnerabilities have been identified in libxml2 and libxml that can be exploited by attackers to induce application crashes. These vulnerabilities occur due to improper handling of Notation or Enumeration attribute types within crafted XML files, allowing context-dependent attackers to trigger denial of service conditions. This issue underscores the importance of secure coding practices within XML parsing libraries to mitigate potential security risks.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
