Vulnerability Description
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
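The mechanism is a recursive-descent parser: each nested parenthesised group in an element content model costs one more C stack frame, so an attacker-supplied DTD with enough nesting exhausts the stack before any memory limit is hit. The program below is an added example, not libxml2's code, written to show both halves of the bug: a small recursive parser for the `children` content model grammar of XML 1.0 section 3.2.1, a generator for the hostile deeply nested declaration, and the usual mitigation, a nesting counter checked before each recursive call. The cap of 128 passed in `main` is an arbitrary value chosen for the example and is not a figure taken from libxml2; the payload is constructed here.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy recursive-descent parser for element content models (XML 1.0, 3.2.1):
 *   cp     ::= (Name | choice | seq) ('?' | '*' | '+')?
 *   choice ::= '(' cp ('|' cp)+ ')'
 *   seq    ::= '(' cp (',' cp)* ')'
 * Every '(' costs one more stack frame: that is the recursion the advisory
 * describes. max_depth is the mitigation; its value is chosen for this
 * example, not taken from libxml2. */

#define PARSE_OK        0
#define PARSE_SYNTAX   -1
#define PARSE_TOO_DEEP -2

typedef struct {
    const char *p;   /* cursor into the model string */
    int max_depth;   /* nesting level above which we refuse to recurse */
    int deepest;     /* deepest nesting level actually entered */
} parser_t;

static void skip_ws(parser_t *ps) {
    while (isspace((unsigned char)*ps->p)) ps->p++;
}

static int parse_cp(parser_t *ps, int depth);

/* Parses a parenthesised group; ps->p points at the opening '('. */
static int parse_group(parser_t *ps, int depth) {
    if (depth > ps->max_depth) return PARSE_TOO_DEEP;   /* the guard */
    if (depth > ps->deepest) ps->deepest = depth;
    ps->p++;                                             /* consume '(' */
    int rc = parse_cp(ps, depth);
    if (rc != PARSE_OK) return rc;
    skip_ws(ps);
    char sep = 0;
    while (*ps->p == '|' || *ps->p == ',') {
        if (sep != 0 && *ps->p != sep) return PARSE_SYNTAX; /* no mixing of | and , */
        sep = *ps->p++;
        rc = parse_cp(ps, depth);
        if (rc != PARSE_OK) return rc;
        skip_ws(ps);
    }
    if (*ps->p != ')') return PARSE_SYNTAX;
    ps->p++;                                             /* consume ')' */
    return PARSE_OK;
}

/* One content particle: a Name or a nested group, plus optional ?, * or +. */
static int parse_cp(parser_t *ps, int depth) {
    skip_ws(ps);
    int rc;
    if (*ps->p == '(') {
        rc = parse_group(ps, depth + 1);                 /* recursion point */
    } else if (isalpha((unsigned char)*ps->p) || *ps->p == '_' || *ps->p == ':') {
        while (isalnum((unsigned char)*ps->p) || *ps->p == '_' ||
               *ps->p == ':' || *ps->p == '-' || *ps->p == '.')
            ps->p++;
        rc = PARSE_OK;
    } else {
        return PARSE_SYNTAX;
    }
    if (rc != PARSE_OK) return rc;
    if (*ps->p == '?' || *ps->p == '*' || *ps->p == '+') ps->p++;
    return PARSE_OK;
}

/* Parses a whole content model such as "(a,(b|c)*)". Returns PARSE_OK,
 * PARSE_SYNTAX or PARSE_TOO_DEEP; *deepest receives the deepest nesting
 * level entered before the parser stopped. */
int parse_content_model(const char *model, int max_depth, int *deepest) {
    parser_t ps = { model, max_depth, 0 };
    int rc;
    skip_ws(&ps);
    if (*ps.p != '(') {
        rc = PARSE_SYNTAX;                     /* children content is always a group */
    } else {
        rc = parse_cp(&ps, 0);
        if (rc == PARSE_OK) {
            skip_ws(&ps);
            if (*ps.p != '\0') rc = PARSE_SYNTAX;   /* trailing junk */
        }
    }
    if (deepest) *deepest = ps.deepest;
    return rc;
}

/* Constructed payload: the model "(((...(a)...)))" with `depth` groups, the
 * shape of the declaration a fuzzer would put in <!ELEMENT r ...>. Caller frees. */
char *build_nested_model(int depth) {
    size_t n = (size_t)depth * 2 + 2;
    char *s = malloc(n);
    if (!s) return NULL;
    memset(s, '(', (size_t)depth);
    s[depth] = 'a';
    memset(s + depth + 1, ')', (size_t)depth);
    s[n - 1] = '\0';
    return s;
}

int main(void) {
    int deepest = 0;
    char *m = build_nested_model(100000);
    int rc = parse_content_model(m, 128, &deepest);
    printf("100000 nested groups, cap 128: rc=%d, stopped at depth %d\n", rc, deepest);
    free(m);
    return 0;
}
```

With the cap in place the 100000-deep payload is rejected after 128 frames. Removing the `depth > ps->max_depth` check (or passing a huge `max_depth`) and parsing the same payload reproduces the class of failure the advisory describes: the process recurses once per group until the stack is gone. Note that the guard sits before the recursive call, not after it; a check placed after `parse_cp` returns is too late, since the frames have already been consumed.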
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmlsoft | Libxml | 1.8.17 |
| Xmlsoft | Libxml2 | 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32 |
References
- http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.ht
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
- http://secunia.com/advisories/35036
- http://secunia.com/advisories/36207
- http://secunia.com/advisories/36338
- http://secunia.com/advisories/36417
- http://secunia.com/advisories/36631
- http://secunia.com/advisories/37346
- http://secunia.com/advisories/37471
- http://support.apple.com/kb/HT3937
- http://support.apple.com/kb/HT3949
- http://support.apple.com/kb/HT4225
FAQ
What is CVE-2009-2414?
CVE-2009-2414 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
How severe is CVE-2009-2414?
CVE-2009-2414 has been rated MEDIUM with a CVSS base score of 4.3/10 (see the CVSS Score section above). The reported impact is limited to availability: a crafted DTD crashes the process that parses it; no code execution or information disclosure is reported for this issue.
Is there a patch for CVE-2009-2414?
Check the references section above for vendor advisories and patch information: the list includes the Apple security updates (HT3937, HT3949, HT4225), the Google Chrome stable channel security update, the openSUSE security announcement, and the corresponding Secunia advisories. Affected products are Xmlsoft libxml 1.8.17 and libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27 and 2.6.32; deployments should move to a libxml2 release newer than those listed, or to the vendor build named in the relevant advisory.