Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Jan 2016 18:02:45 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Out-of-bounds Read in the libxml2's
 htmlParseNameComplex() function

Hi,

On Mon, Jan 25, 2016 at 08:01:08AM +0000, limingxing wrote:
> 
> 
> Hello,
> We find a vulnerability in the way libxml2's htmlParseNameComplex() function parsed certain xml file.
> I was successful in reproducing this issuel in the latest version of libxml2(git clone git://git.gnome.org/libxml2).
> HTMLparser.c line:2517 :
> 
>        return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> 
> "ctxt->input->cur - len"  cause Out-of-bounds Read.

While checking upstream bugzilla to see if that was reported I noticed

https://bugzilla.gnome.org/show_bug.cgi?id=749115

Does this have the same root cause?

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ