MEDIUM · 6.8

CVE-2012-5134


Vulnerability Description

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

CVSS Score

6.8 (MEDIUM)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor    Product      Versions
Google    Chrome       <= 23.0.1271.89
Xmlsoft   Libxml2      <= 2.9.0
Apple     iPhone OS    <= 6.1.4

Related Weaknesses (CWE)

References

FAQ

What is CVE-2012-5134?

CVE-2012-5134 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers t...

How severe is CVE-2012-5134?

CVE-2012-5134 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2012-5134?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Xmlsoft Libxml2, Apple iPhone OS.