What is CVE-2009-2414?

CVE-2009-2414 is a vulnerability in Xmlsoft Libxml, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-08-11.

Is CVE-2009-2414 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Xmlsoft Libxml

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DT…

Vulnerability class: Buffer Overflow

EPSS: 0.031 (86.2th percentile) — read the EPSS interpretation.

Affected products

Xmlsoft Libxml — versions 1.8.17
Xmlsoft Libxml2 — versions 2.5.10, 2.6.16, 2.6.26
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

akaganeite/CVE4PP

References

secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vendor-advisory, x_refsource_APPLE)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN)

Frequently asked questions

What is CVE-2009-2414?: CVE-2009-2414 is a vulnerability in Xmlsoft Libxml, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-08-11.
Is CVE-2009-2414 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.