Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2871

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-2871
Last Modified 27 Jan 2014 11:45:36
Published 31 Aug 2012 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2871

Summary

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1.0

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Iphone Os 2.1.1

  • Apple Iphone Os 2.2

  • Apple Iphone Os 2.2.1

  • Apple Iphone Os 3.0

  • Apple Iphone Os 3.0.1

  • Apple Iphone Os 3.1

  • Apple Iphone Os 3.1.2

  • Apple Iphone Os 3.1.3

  • Apple Iphone Os 3.2

  • Apple Iphone Os 3.2.1

  • Apple Iphone Os 3.2.2

  • Apple Iphone Os 4.0

  • Apple Iphone Os 4.0.1

  • Apple Iphone Os 4.0.2

  • Apple Iphone Os 4.1

  • Apple Iphone Os 4.2.1

  • Apple Iphone Os 4.2.5

  • Apple Iphone Os 4.2.8

  • Apple Iphone Os 4.3.0

  • Apple Iphone Os 4.3.1

  • Apple Iphone Os 4.3.2

  • Apple Iphone Os 4.3.3

  • Apple Iphone Os 4.3.5

  • Apple Iphone Os 5.0

  • Apple Iphone Os 5.0.1

  • Apple Iphone Os 5.1

  • Apple Iphone Os 5.1.1

  • Apple Iphone Os 6.0

  • Apple Iphone Os 6.0.1

  • Apple Iphone Os 6.0.2

  • Apple Iphone Os 6.1

  • Apple Iphone Os 6.1.2

  • Apple Iphone Os 6.1.3

  • Apple Iphone Os 6.1.4

Application

  • Google Chrome 21.0.1180.0

  • Google Chrome 21.0.1180.1

  • Google Chrome 21.0.1180.2

  • Google Chrome 21.0.1180.31

  • Google Chrome 21.0.1180.32

  • Google Chrome 21.0.1180.33

  • Google Chrome 21.0.1180.34

  • Google Chrome 21.0.1180.35

  • Google Chrome 21.0.1180.36

  • Google Chrome 21.0.1180.37

  • Google Chrome 21.0.1180.38

  • Google Chrome 21.0.1180.39

  • Google Chrome 21.0.1180.41

  • Google Chrome 21.0.1180.46

  • Google Chrome 21.0.1180.47

  • Google Chrome 21.0.1180.48

  • Google Chrome 21.0.1180.49

  • Google Chrome 21.0.1180.50

  • Google Chrome 21.0.1180.51

  • Google Chrome 21.0.1180.52

  • Google Chrome 21.0.1180.53

  • Google Chrome 21.0.1180.54

  • Google Chrome 21.0.1180.55

  • Google Chrome 21.0.1180.56

  • Google Chrome 21.0.1180.57

  • Google Chrome 21.0.1180.59

  • Google Chrome 21.0.1180.60

  • Google Chrome 21.0.1180.61

  • Google Chrome 21.0.1180.62

  • Google Chrome 21.0.1180.63

  • Google Chrome 21.0.1180.64

  • Google Chrome 21.0.1180.68

  • Google Chrome 21.0.1180.69

  • Google Chrome 21.0.1180.70

  • Google Chrome 21.0.1180.71

  • Google Chrome 21.0.1180.72

  • Google Chrome 21.0.1180.73

  • Google Chrome 21.0.1180.74

  • Google Chrome 21.0.1180.75

  • Google Chrome 21.0.1180.76

  • Google Chrome 21.0.1180.77

  • Google Chrome 21.0.1180.78

  • Google Chrome 21.0.1180.79

  • Google Chrome 21.0.1180.80

  • Google Chrome 21.0.1180.81

  • Google Chrome 21.0.1180.82

  • Google Chrome 21.0.1180.83

  • Google Chrome 21.0.1180.84

  • Google Chrome 21.0.1180.85

  • Google Chrome 21.0.1180.86

  • Google Chrome 21.0.1180.87

  • Google Chrome 21.0.1180.88

  • Xmlsoft Libxml2 2.9.0


References

CONFIRM - https://chromiumcodereview.appspot.com/10824157

CONFIRM - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log

CONFIRM - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276&r2=149930

CONFIRM - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=138673

DEBIAN - DSA-2555

SUSE - openSUSE-SU-2012:1215

SECUNIA - 50838

XF - chrome-xsl-transforms-code-exec(78179)

MANDRIVA - MDVSA-2012:164

CONFIRM - http://support.apple.com/kb/HT5934

APPLE - APPLE-SA-2013-09-18-2

SECUNIA - 54886

APPLE - APPLE-SA-2013-10-22-8

CONFIRM - http://support.apple.com/kb/HT6001

Related Patches

SUN125731-09 Solaris 10 SPARC: XML and XSLT libraries patch (Rev 2)

SUN125732-09 Solaris 10 x86: XML and XSLT libraries patch (Rev 2)

Red Hat 2012:1265-02 RHSA Important: libxslt security update for RHEL 5 x86

Apple iTunes 11.1.2 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:03:02