CVE-2009-2416

Published: Aug 11, 2009Modified: Apr 23, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Affected (38)

Products: Xmlsoft: Libxml, Libxml2 · Fedoraproject: Fedora · Debian: Debian Linux · +8 more

Show all products

Xmlsoft: Libxml, Libxml2 · Fedoraproject: Fedora · Debian: Debian Linux · Redhat: Enterprise Linux · Canonical: Ubuntu Linux · Google: Chrome · Apple: Iphone Os, Mac Os X, Mac Os X Server, Safari · Opensuse: Opensuse · Suse: Linux Enterprise, Linux Enterprise Server · Vmware: Esx, Esxi, Vcenter Server, Vma · Sun: Openoffice.org

2 products

1 product

1 product

1 product

1 product

1 product

4 products

1 product

2 products

Linux Enterprise Server

4 products

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxml	Version 1.8.17
Xmlsoft Libxml2	Version 2.5.10
Xmlsoft Libxml2	Version 2.6.16
Xmlsoft Libxml2	Version 2.6.26
Xmlsoft Libxml2	Version 2.6.27
Xmlsoft Libxml2	Version 2.6.32

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 10
Fedoraproject Fedora	Version 11

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 5.0

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 2.0.172.43

Configuration G

8 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	From 2.0 to 4.0
Apple Mac Os X	Before 10.4.11
Apple Mac Os X	From 10.5.0 to 10.5.8
Apple Mac Os X	From 10.6.0 to 10.6.2
Apple Mac Os X Server	Before 10.4.11
Apple Mac Os X Server	From 10.5.0 to 10.5.8
Apple Mac Os X Server	From 10.6.0 to 10.6.2
Apple Safari	Before 4.0.4

Configuration H

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	From 10.3 to 11.1
Suse Linux Enterprise	Version 10.0
Suse Linux Enterprise	Version 11.0
Suse Linux Enterprise Server	Version 9

Configuration I

7 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 3.0.3
Vmware Esx	Version 3.5
Vmware Esx	Version 4.0
Vmware Esxi	Version 3.5
Vmware Esxi	Version 4.0
Vmware Vcenter Server	Version 4.0
Vmware Vma	Version 4.0

Configuration J

2 vulnerable

Vulnerable Software	Affected Versions
Sun Openoffice.org	From 2.0.0 to 2.4.3
Sun Openoffice.org	From 3.0.0 to 3.1.1

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (72)

http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

Source: secalert@redhat.com

Release Notes

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source: secalert@redhat.com

Mailing List

http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html

Source: secalert@redhat.com

Mailing List

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: secalert@redhat.com

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html

Source: secalert@redhat.com

Mailing List

http://secunia.com/advisories/35036

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/36207

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/36338

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/36417

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/36631

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/37346

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/37471

Source: secalert@redhat.com

Broken Link

http://support.apple.com/kb/HT3937

Source: secalert@redhat.com

Third Party Advisory

http://support.apple.com/kb/HT3949

Source: secalert@redhat.com

Third Party Advisory

http://support.apple.com/kb/HT4225

Source: secalert@redhat.com

Third Party Advisory

http://www.cert.fi/en/reports/2009/vulnerability2009085.html

Source: secalert@redhat.com

Broken Link

http://www.codenomicon.com/labs/xml/

Source: secalert@redhat.com

Broken Link

http://www.debian.org/security/2009/dsa-1859

Source: secalert@redhat.com

Mailing ListPatch

http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html

Source: secalert@redhat.com

Patch

http://www.networkworld.com/columnists/2009/080509-xml-flaw.html

Source: secalert@redhat.com

Broken Link

http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/36010

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-815-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2009/2420

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2009/3184

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2009/3217

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2009/3316

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=515205

Source: secalert@redhat.com

Issue TrackingPatch

https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59

Source: secalert@redhat.com

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783

Source: secalert@redhat.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262

Source: secalert@redhat.com

Broken Link

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html

Source: secalert@redhat.com

Mailing List

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html

Source: secalert@redhat.com

Mailing List

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html

Source: secalert@redhat.com

Mailing List

http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html