CVE-2007-6284

Publication date 12 January 2008

Last updated 24 July 2024


Ubuntu priority

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.


Status

Package   Ubuntu Release    Status
libxml2   7.10 gutsy        Fixed 2.6.30.dfsg-2ubuntu1.1
libxml2   7.04 feisty       Fixed 2.6.27.dfsg-1ubuntu3.1
libxml2   6.10 edgy         Fixed 2.6.26.dfsg-2ubuntu4.1
libxml2   6.06 LTS dapper   Fixed 2.6.24.dfsg-1ubuntu1.1

Notes


jdstrand

private reproducer and patch on vendor-sec. DoS, but widely used

References

Related Ubuntu Security Notices (USN)

    • USN-569-1: libxml2 vulnerability (14 January 2008)

Other references