Denial of Service Vulnerability in libxml2 Affecting Google Chrome and Other Products
CVE-2013-2877

Currently unrated

Key Information:

Vendor: Xmlsoft
Status: Libxml2; Chrome
Vendor: CVE Published:; 10 July 2013

What is CVE-2013-2877?

A vulnerability in libxml2 prior to version 2.9.0, as used in Google Chrome versions before 28.0.1500.71, allows remote attackers to exploit an out-of-bounds read condition. This occurs when a document is unexpectedly truncated, revealing insufficient checks for the XML_PARSER_EOF state, leading to potential denial of service. Users of affected versions should update their libxml2 and Google Chrome to address this issue.

References

http://www.debian.org/security/2013/dsa-2779

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-security-announce/2013...

vendor-advisoryx_refsource_SUSE

http://www.vmware.com/security/advisories/VMSA-2014-0012....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2013
Vulnerability Reserved
Apr 11, 2013

Xmlsoft

What is CVE-2013-2877?

References

Timeline