CVE-2013-2877

Publication date 10 July 2013

Last updated 24 July 2024

Ubuntu priority

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	13.04 raring	Fixed 28.0.1500.71-0ubuntu1.13.04.1
	12.10 quantal	Fixed 28.0.1500.71-0ubuntu1.12.10.1
	12.04 LTS precise	Fixed 28.0.1500.71-0ubuntu1.12.04.1
	10.04 LTS lucid	Ignored
libxml2	13.04 raring	Fixed 2.9.0+dfsg1-4ubuntu4.2
	12.10 quantal	Fixed 2.8.0+dfsg1-5ubuntu2.3
	12.04 LTS precise	Fixed 2.7.8.dfsg-5.1ubuntu4.5
	10.04 LTS lucid	Fixed 2.7.6.dfsg-1ubuntu1.9

Notes

jdstrand

Mitre description uses the wrong version. Fix not until 2.9.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libxml2	Upstream: ?id=48b Upstream: ?id=e50 Upstream: ?id=9ca

References

Related Ubuntu Security Notices (USN)