CyberSec.Space Logo
Back to CVE Browser

CVE-2011-1944

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile34.30th
PublishedSep 2, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Affected Platforms (CPE)

πŸ“¦
Xmlsoft

Libxml2

= 2.6.0
πŸ“¦
Xmlsoft

Libxml2

= 2.6.1
πŸ“¦
Xmlsoft

Libxml2

= 2.6.2
πŸ“¦
Xmlsoft

Libxml2

= 2.6.3
πŸ“¦
Xmlsoft

Libxml2

= 2.6.4
πŸ“¦
Xmlsoft

Libxml2

= 2.6.5
πŸ“¦
Xmlsoft

Libxml2

= 2.6.6
πŸ“¦
Xmlsoft

Libxml2

= 2.6.7
πŸ“¦
Xmlsoft

Libxml2

= 2.6.8
πŸ“¦
Xmlsoft

Libxml2

= 2.6.9
πŸ“¦
Xmlsoft

Libxml2

= 2.6.11
πŸ“¦
Xmlsoft

Libxml2

= 2.6.12
πŸ“¦
Xmlsoft

Libxml2

= 2.6.13
πŸ“¦
Xmlsoft

Libxml2

= 2.6.14
πŸ“¦
Xmlsoft

Libxml2

= 2.6.16
πŸ“¦
Xmlsoft

Libxml2

= 2.6.17
πŸ“¦
Xmlsoft

Libxml2

= 2.6.18
πŸ“¦
Xmlsoft

Libxml2

= 2.6.20
πŸ“¦
Xmlsoft

Libxml2

= 2.6.22
πŸ“¦
Xmlsoft

Libxml2

= 2.6.26
πŸ“¦
Xmlsoft

Libxml2

= 2.6.27
πŸ“¦
Xmlsoft

Libxml2

= 2.6.30
πŸ“¦
Xmlsoft

Libxml2

= 2.6.32
πŸ“¦
Xmlsoft

Libxml2

= 2.7.0
πŸ“¦
Xmlsoft

Libxml2

= 2.7.1
πŸ“¦
Xmlsoft

Libxml2

= 2.7.2
πŸ“¦
Xmlsoft

Libxml2

= 2.7.3
πŸ“¦
Xmlsoft

Libxml2

= 2.7.4
πŸ“¦
Xmlsoft

Libxml2

= 2.7.5
πŸ“¦
Xmlsoft

Libxml2

= 2.7.6
πŸ“¦
Xmlsoft

Libxml2

= 2.7.7
πŸ“¦
Xmlsoft

Libxml2

= 2.7.8
πŸ“¦
Xmlsoft

Libxml

<= 1.8.16
πŸ“¦
Xmlsoft

Libxml

= 1.5.0
πŸ“¦
Xmlsoft

Libxml

= 1.6.0
πŸ“¦
Xmlsoft

Libxml

= 1.6.1
πŸ“¦
Xmlsoft

Libxml

= 1.6.2
πŸ“¦
Xmlsoft

Libxml

= 1.7.0
πŸ“¦
Xmlsoft

Libxml

= 1.7.1
πŸ“¦
Xmlsoft

Libxml

= 1.7.2
πŸ“¦
Xmlsoft

Libxml

= 1.7.3
πŸ“¦
Xmlsoft

Libxml

= 1.7.4
πŸ“¦
Xmlsoft

Libxml

= 1.8.0
πŸ“¦
Xmlsoft

Libxml

= 1.8.1
πŸ“¦
Xmlsoft

Libxml

= 1.8.2
πŸ“¦
Xmlsoft

Libxml

= 1.8.3
πŸ“¦
Xmlsoft

Libxml

= 1.8.4
πŸ“¦
Xmlsoft

Libxml

= 1.8.5
πŸ“¦
Xmlsoft

Libxml

= 1.8.6
πŸ“¦
Xmlsoft

Libxml

= 1.8.7
πŸ“¦
Xmlsoft

Libxml

= 1.8.8
πŸ“¦
Xmlsoft

Libxml

= 1.8.9
πŸ“¦
Xmlsoft

Libxml

= 1.8.10
πŸ“¦
Xmlsoft

Libxml

= 1.8.11
πŸ“¦
Xmlsoft

Libxml

= 1.8.12
πŸ“¦
Xmlsoft

Libxml

= 1.8.13
πŸ“¦
Xmlsoft

Libxml

= 1.8.14
πŸ“¦
Xmlsoft

Libxml

= 1.8.15

References & Advisories

πŸ”— http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
πŸ”— http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
πŸ”— http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
πŸ”— http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html
πŸ”— http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0217.html
πŸ”— http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

Related Vulnerabilities

CVE-2008-352910.0

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent at...

CVE-2008-422610.0

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of servic...

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-73759.8

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity subst...