CVE-2007-6284

libxml2 <2.6.31 - DoS

Title source: llm

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

References (42)

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=202628

[Mailing List] http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

[Vendor Advisory] http://secunia.com/advisories/28439

[Vendor Advisory] http://secunia.com/advisories/28444

[Vendor Advisory] http://secunia.com/advisories/28450

[Vendor Advisory] http://secunia.com/advisories/28452

[Vendor Advisory] http://secunia.com/advisories/28458

[Vendor Advisory] http://secunia.com/advisories/28466

[Vendor Advisory] http://secunia.com/advisories/28470

[Vendor Advisory] http://secunia.com/advisories/28475

[Vendor Advisory] http://secunia.com/advisories/28636

[Vendor Advisory] http://secunia.com/advisories/28716

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1019181

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:010

[Patch] http://www.redhat.com/support/errata/RHSA-2008-0032.html

[Various Sources] http://www.xmlsoft.org/news.html

... and 22 more

Scores

EPSS 0.0671

EPSS Percentile 91.1%

Classification

CWE

CWE-399

Status draft

Affected Products (38)

debian/debian_linux

... and 23 more

Timeline

Published Jan 12, 2008

Tracked Since Feb 18, 2026