Vulnerability Details : CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2009-2416
- cpe:2.3:a:sun:openoffice.org:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:openoffice.org:*:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2416
0.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2416
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | 2024-02-02 |
CWE ids for CVE-2009-2416
-
Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2416
-
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html
Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursionPatch
-
http://www.vupen.com/english/advisories/2009/3184
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
Mailing List
-
http://support.apple.com/kb/HT3949
About the security content of Safari 4.0.4 - Apple SupportThird Party Advisory
-
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
VMSA-2009-0016.6Third Party Advisory
-
http://secunia.com/advisories/37346
About Secunia Research | FlexeraBroken Link
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
[SECURITY] Fedora 11 Update: mingw32-libxml2-2.7.3-2.fc11Mailing List
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262
404 Not FoundBroken Link
-
http://www.vupen.com/english/advisories/2009/3316
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
XML flaw threatens apps built with Sun, Apache, Python libraries | Network WorldBroken Link
-
http://www.securityfocus.com/bid/36010
Broken Link;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:015 - openSUSE Security Announce - openSUSE Mailing ListsMailing List
-
http://secunia.com/advisories/36417
About Secunia Research | FlexeraBroken Link
-
http://www.vupen.com/english/advisories/2009/3217
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://support.apple.com/kb/HT3937
Page Not Found - Apple SupportThird Party Advisory
-
http://www.ubuntu.com/usn/USN-815-1
USN-815-1: libxml2 vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
http://www.vupen.com/english/advisories/2009/2420
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://support.apple.com/kb/HT4225
About the security content of iOS 4 - Apple SupportThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783
404 Not FoundBroken Link
-
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
Etusivu | KyberturvallisuuskeskusBroken Link
-
http://secunia.com/advisories/36631
About Secunia Research | FlexeraBroken Link
-
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
CVE-2009-2414 / CVE-2009-2416Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
[SECURITY] Fedora 10 Update: libxml2-2.7.3-2.fc10Mailing List
-
http://www.codenomicon.com/labs/xml/
Vulnerabilities Found at CyRC - CyRC | SynopsysBroken Link
-
http://secunia.com/advisories/36207
About Secunia Research | FlexeraBroken Link
-
http://secunia.com/advisories/35036
About Secunia Research | FlexeraBroken Link
-
http://secunia.com/advisories/36338
About Secunia Research | FlexeraBroken Link
-
http://secunia.com/advisories/37471
About Secunia Research | FlexeraBroken Link
-
https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
Fix a couple of problems in the parser (489f9671) · Commits · GNOME / libxml2 · GitLabPatch
-
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
[SECURITY] Fedora 11 Update: libxml2-2.7.3-3.fc11Mailing List
-
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
Chrome Releases: Stable Update: Security fixesRelease Notes
-
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Mailing List
-
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Apple - Lists.apple.comMailing List
-
http://www.debian.org/security/2009/dsa-1859
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issuesMailing List;Patch
-
https://bugzilla.redhat.com/show_bug.cgi?id=515205
515205 – (CVE-2009-2416) CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute typesIssue Tracking;Patch
Jump to