Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
2011-09-02T16:55:03.553
2025-04-11T00:51:21.963
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | xmlsoft | libxml2 | 2.6.0 | Yes |
| Application | xmlsoft | libxml2 | 2.6.1 | Yes |
| Application | xmlsoft | libxml2 | 2.6.2 | Yes |
| Application | xmlsoft | libxml2 | 2.6.3 | Yes |
| Application | xmlsoft | libxml2 | 2.6.4 | Yes |
| Application | xmlsoft | libxml2 | 2.6.5 | Yes |
| Application | xmlsoft | libxml2 | 2.6.6 | Yes |
| Application | xmlsoft | libxml2 | 2.6.7 | Yes |
| Application | xmlsoft | libxml2 | 2.6.8 | Yes |
| Application | xmlsoft | libxml2 | 2.6.9 | Yes |
| Application | xmlsoft | libxml2 | 2.6.11 | Yes |
| Application | xmlsoft | libxml2 | 2.6.12 | Yes |
| Application | xmlsoft | libxml2 | 2.6.13 | Yes |
| Application | xmlsoft | libxml2 | 2.6.14 | Yes |
| Application | xmlsoft | libxml2 | 2.6.16 | Yes |
| Application | xmlsoft | libxml2 | 2.6.17 | Yes |
| Application | xmlsoft | libxml2 | 2.6.18 | Yes |
| Application | xmlsoft | libxml2 | 2.6.20 | Yes |
| Application | xmlsoft | libxml2 | 2.6.22 | Yes |
| Application | xmlsoft | libxml2 | 2.6.26 | Yes |
| Application | xmlsoft | libxml2 | 2.6.27 | Yes |
| Application | xmlsoft | libxml2 | 2.6.30 | Yes |
| Application | xmlsoft | libxml2 | 2.6.32 | Yes |
| Application | xmlsoft | libxml2 | 2.7.0 | Yes |
| Application | xmlsoft | libxml2 | 2.7.1 | Yes |
| Application | xmlsoft | libxml2 | 2.7.2 | Yes |
| Application | xmlsoft | libxml2 | 2.7.3 | Yes |
| Application | xmlsoft | libxml2 | 2.7.4 | Yes |
| Application | xmlsoft | libxml2 | 2.7.5 | Yes |
| Application | xmlsoft | libxml2 | 2.7.6 | Yes |
| Application | xmlsoft | libxml2 | 2.7.7 | Yes |
| Application | xmlsoft | libxml2 | 2.7.8 | Yes |
| Application | xmlsoft | libxml | ≤ 1.8.16 | Yes |
| Application | xmlsoft | libxml | 1.5.0 | Yes |
| Application | xmlsoft | libxml | 1.6.0 | Yes |
| Application | xmlsoft | libxml | 1.6.1 | Yes |
| Application | xmlsoft | libxml | 1.6.2 | Yes |
| Application | xmlsoft | libxml | 1.7.0 | Yes |
| Application | xmlsoft | libxml | 1.7.1 | Yes |
| Application | xmlsoft | libxml | 1.7.2 | Yes |
| Application | xmlsoft | libxml | 1.7.3 | Yes |
| Application | xmlsoft | libxml | 1.7.4 | Yes |
| Application | xmlsoft | libxml | 1.8.0 | Yes |
| Application | xmlsoft | libxml | 1.8.1 | Yes |
| Application | xmlsoft | libxml | 1.8.2 | Yes |
| Application | xmlsoft | libxml | 1.8.3 | Yes |
| Application | xmlsoft | libxml | 1.8.4 | Yes |
| Application | xmlsoft | libxml | 1.8.5 | Yes |
| Application | xmlsoft | libxml | 1.8.6 | Yes |
| Application | xmlsoft | libxml | 1.8.7 | Yes |
| Application | xmlsoft | libxml | 1.8.8 | Yes |
| Application | xmlsoft | libxml | 1.8.9 | Yes |
| Application | xmlsoft | libxml | 1.8.10 | Yes |
| Application | xmlsoft | libxml | 1.8.11 | Yes |
| Application | xmlsoft | libxml | 1.8.12 | Yes |
| Application | xmlsoft | libxml | 1.8.13 | Yes |
| Application | xmlsoft | libxml | 1.8.14 | Yes |
| Application | xmlsoft | libxml | 1.8.15 | Yes |