Launchpad.net

CVE 2013-2877

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Related bugs and status

CVE-2013-2877 (Candidate) is related to these bugs:

Bug #1194410: Apply upstream patch to close XXE vulnerability in precise

		In	Importance	Status
1194410	Apply upstream patch to close XXE vulnerability in precise	libxml2 (Ubuntu)	Undecided	Fix Released
1194410	Apply upstream patch to close XXE vulnerability in precise	libxml2 (Ubuntu Lucid)	Medium	Fix Released
1194410	Apply upstream patch to close XXE vulnerability in precise	libxml2 (Ubuntu Precise)	Medium	Fix Released
1194410	Apply upstream patch to close XXE vulnerability in precise	libxml2 (Ubuntu Saucy)	Undecided	Fix Released
1194410	Apply upstream patch to close XXE vulnerability in precise	libxml2 (Ubuntu Quantal)	Medium	Fix Released
1194410	Apply upstream patch to close XXE vulnerability in precise	libxml2 (Ubuntu Raring)	Undecided	Fix Released

Bug #1199644: Please update to 28.0.1500.71

Summary				In	Importance	Status
	1199644	Please update to 28.0.1500.71		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1201849: libxml2 security update regression

		In	Importance	Status
1201849	libxml2 security update regression	libxml2 (Ubuntu)	Undecided	Invalid
1201849	libxml2 security update regression	libxml2 (Ubuntu Lucid)	Undecided	Fix Released
1201849	libxml2 security update regression	libxml2 (Ubuntu Precise)	Undecided	Fix Released
1201849	libxml2 security update regression	libxml2 (Ubuntu Raring)	Undecided	Fix Released
1201849	libxml2 security update regression	libxml2 (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2877

Related bugs and status

Related bugs

References