CVE-2007-6284

Published: Jan 12, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Affected (38)

Products: Debian: Debian Linux · Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Fedora

1 product

2 products

Mandrake Linux Corporate Server

Redhat

1 product

Fedora

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007
Mandrakesoft Mandrake Linux	Version 2007
Mandrakesoft Mandrake Linux	Version 2008.0
Mandrakesoft Mandrake Linux	Version 2008.0
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Mandrakesoft Mandrake Linux Corporate Server	Version 4.0
Mandrakesoft Mandrake Linux Corporate Server	Version 4.0
Redhat Fedora	Version 7
Redhat Fedora	Version 8

Related CWEs

CWE-399

References (84)

http://bugs.gentoo.org/show_bug.cgi?id=202628

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

Source: secalert@redhat.com

http://lists.vmware.com/pipermail/security-announce/2008/000009.html

Source: secalert@redhat.com

http://mail.gnome.org/archives/xml/2008-January/msg00036.html

Source: secalert@redhat.com

http://secunia.com/advisories/28439

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28444

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28450

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28452

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28458

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28466

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28470

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28475

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28636

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28716

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28740

Source: secalert@redhat.com

http://secunia.com/advisories/29591

Source: secalert@redhat.com

http://secunia.com/advisories/31074

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200801-20.xml

Source: secalert@redhat.com

http://securitytracker.com/id?1019181

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm

Source: secalert@redhat.com

http://www.debian.org/security/2008/dsa-1461

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2008:010

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/suse_security_summary_report.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0032.html

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/archive/1/486410/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/490306/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/27248

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/0117

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/0144

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1033/references

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/2094/references

Source: secalert@redhat.com

http://www.xmlsoft.org/news.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=425927

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-2121

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216

Source: secalert@redhat.com

https://usn.ubuntu.com/569-1/

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html

Source: secalert@redhat.com

http://bugs.gentoo.org/show_bug.cgi?id=202628