CyberSec.Space Logo
返回 CVE 浏览器

CVE-2011-1944

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile34.30th
Published2011年9月2日
Last Modified2026年4月29日

Vulnerability Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Affected Platforms (CPE)

📦
Xmlsoft

Libxml2

= 2.6.0
📦
Xmlsoft

Libxml2

= 2.6.1
📦
Xmlsoft

Libxml2

= 2.6.2
📦
Xmlsoft

Libxml2

= 2.6.3
📦
Xmlsoft

Libxml2

= 2.6.4
📦
Xmlsoft

Libxml2

= 2.6.5
📦
Xmlsoft

Libxml2

= 2.6.6
📦
Xmlsoft

Libxml2

= 2.6.7
📦
Xmlsoft

Libxml2

= 2.6.8
📦
Xmlsoft

Libxml2

= 2.6.9
📦
Xmlsoft

Libxml2

= 2.6.11
📦
Xmlsoft

Libxml2

= 2.6.12
📦
Xmlsoft

Libxml2

= 2.6.13
📦
Xmlsoft

Libxml2

= 2.6.14
📦
Xmlsoft

Libxml2

= 2.6.16
📦
Xmlsoft

Libxml2

= 2.6.17
📦
Xmlsoft

Libxml2

= 2.6.18
📦
Xmlsoft

Libxml2

= 2.6.20
📦
Xmlsoft

Libxml2

= 2.6.22
📦
Xmlsoft

Libxml2

= 2.6.26
📦
Xmlsoft

Libxml2

= 2.6.27
📦
Xmlsoft

Libxml2

= 2.6.30
📦
Xmlsoft

Libxml2

= 2.6.32
📦
Xmlsoft

Libxml2

= 2.7.0
📦
Xmlsoft

Libxml2

= 2.7.1
📦
Xmlsoft

Libxml2

= 2.7.2
📦
Xmlsoft

Libxml2

= 2.7.3
📦
Xmlsoft

Libxml2

= 2.7.4
📦
Xmlsoft

Libxml2

= 2.7.5
📦
Xmlsoft

Libxml2

= 2.7.6
📦
Xmlsoft

Libxml2

= 2.7.7
📦
Xmlsoft

Libxml2

= 2.7.8
📦
Xmlsoft

Libxml

<= 1.8.16
📦
Xmlsoft

Libxml

= 1.5.0
📦
Xmlsoft

Libxml

= 1.6.0
📦
Xmlsoft

Libxml

= 1.6.1
📦
Xmlsoft

Libxml

= 1.6.2
📦
Xmlsoft

Libxml

= 1.7.0
📦
Xmlsoft

Libxml

= 1.7.1
📦
Xmlsoft

Libxml

= 1.7.2
📦
Xmlsoft

Libxml

= 1.7.3
📦
Xmlsoft

Libxml

= 1.7.4
📦
Xmlsoft

Libxml

= 1.8.0
📦
Xmlsoft

Libxml

= 1.8.1
📦
Xmlsoft

Libxml

= 1.8.2
📦
Xmlsoft

Libxml

= 1.8.3
📦
Xmlsoft

Libxml

= 1.8.4
📦
Xmlsoft

Libxml

= 1.8.5
📦
Xmlsoft

Libxml

= 1.8.6
📦
Xmlsoft

Libxml

= 1.8.7
📦
Xmlsoft

Libxml

= 1.8.8
📦
Xmlsoft

Libxml

= 1.8.9
📦
Xmlsoft

Libxml

= 1.8.10
📦
Xmlsoft

Libxml

= 1.8.11
📦
Xmlsoft

Libxml

= 1.8.12
📦
Xmlsoft

Libxml

= 1.8.13
📦
Xmlsoft

Libxml

= 1.8.14
📦
Xmlsoft

Libxml

= 1.8.15

References & Advisories

🔗 http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
🔗 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
🔗 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html
🔗 http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-0217.html
🔗 http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

相关漏洞威胁

CVE-2008-352910.0

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent at...

CVE-2008-422610.0

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of servic...

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-73759.8

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity subst...