Date: Tue, 26 Jan 2016 18:02:45 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Hi, On Mon, Jan 25, 2016 at 08:01:08AM +0000, limingxing wrote: > > > Hello, > We find a vulnerability in the way libxml2's htmlParseNameComplex() function parsed certain xml file. > I was successful in reproducing this issuel in the latest version of libxml2(git clone git://git.gnome.org/libxml2). > HTMLparser.c line:2517 : > > return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); > > "ctxt->input->cur - len" cause Out-of-bounds Read. While checking upstream bugzilla to see if that was reported I noticed https://bugzilla.gnome.org/show_bug.cgi?id=749115 Does this have the same root cause? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.