CVE-2011-1944

libxml2 <2.6.32 & 2.7.8 - DoS/Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1944. PoCs published by Chris Evans.

AI-analyzed exploit summary: The provided text describes a vulnerability in libxml2 (CVE-2011-1944) involving memory corruption via a crafted XPath expression. It includes an example XPath payload but lacks executable exploit code.

Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chris Evans · text · remote · linux
https://www.exploit-db.com/exploits/35810

Classification
Writeup 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Theoretical
Target: libxml2 (versions prior to 2.7.8)
No auth needed
Prerequisites: User interaction to open a malicious XML file
devstral-2 · analyzed Feb 16, 2026

References (20)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48056
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44711
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:131
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5503
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=709747
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0217.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1749.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2255
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/73248
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/05/31/8
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5281
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1153-1

Scores

EPSS 0.1373
EPSS Percentile 96.0%

Details

CWE: CWE-189
Status: published
Products (50)
xmlsoft/libxml 1.5.0
xmlsoft/libxml 1.6.0
xmlsoft/libxml 1.6.1
xmlsoft/libxml 1.6.2
xmlsoft/libxml 1.7.0
xmlsoft/libxml 1.7.1
xmlsoft/libxml 1.7.2
xmlsoft/libxml 1.7.3
xmlsoft/libxml 1.7.4
xmlsoft/libxml 1.8.0
... and 40 more
Published Sep 02, 2011
Tracked Since Feb 18, 2026