CLD-18 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2016-5131 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libxml2
Deficiency Type SECURITY
Date Created 2017-09-13 10:24:04
Date Last Modified 2017-09-13 10:44:42

Version Specific Information:

Cucumber 1.0 i686fixed in libxml2-2.9.5-i686-1
Cucumber 1.0 x86_64fixed in libxml2-2.9.5-x86_64-1 and libxml2-lib_i686-2.9.5-lib_i686-1

Cucumber 1.1 i686 fixed in libxml2-2.9.5-i686-1
Cucumber 1.1 x86_64 fixed in libxml2-2.9.5-x86_64-1 and libxml2-lib_i686-2.9.5-lib_i686-1

Details:

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome
before 52.0.2743.82, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to the XPointer
range-to function (https://nvd.nist.gov/vuln/detail/CVE-2016-5131).

The patch fixing this (https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e)
has been applied in 2.9.5.