CVE-2007-6284
NONE EPSS 83.2%
Published Jan 12, 200818y ago · Modified Jun 16, 20262w ago
Published Jan 12, 2008 18y ago
Last Modified Jun 16, 2026 2w ago
Description
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
Threat Intelligence
EPSS Exploit Probability
83.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-399
Affected Products 38
| Vendor | Product | Version | Range |
|---|---|---|---|
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| debian | debian_linux | 4.0 | any |
| mandrakesoft | mandrake_linux | 2007 | any |
| mandrakesoft | mandrake_linux | 2007 | any |
| mandrakesoft | mandrake_linux | 2007.1 | any |
| mandrakesoft | mandrake_linux | 2007.1 | any |
| mandrakesoft | mandrake_linux | 2008.0 | any |
| mandrakesoft | mandrake_linux | 2008.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 4.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 4.0 | any |
| redhat | fedora | 7 | any |
| redhat | fedora | 8 | any |
References 42
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=202628
- lists.apple.com http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
- lists.vmware.com http://lists.vmware.com/pipermail/security-announce/2008/000009.html
- mail.gnome.org http://mail.gnome.org/archives/xml/2008-January/msg00036.html
- secunia.com http://secunia.com/advisories/28439
- secunia.com http://secunia.com/advisories/28444
- secunia.com http://secunia.com/advisories/28450
- secunia.com http://secunia.com/advisories/28452
- secunia.com http://secunia.com/advisories/28458
- secunia.com http://secunia.com/advisories/28466
- secunia.com http://secunia.com/advisories/28470
- secunia.com http://secunia.com/advisories/28475
- secunia.com http://secunia.com/advisories/28636
- secunia.com http://secunia.com/advisories/28716
- secunia.com http://secunia.com/advisories/28740
- secunia.com http://secunia.com/advisories/29591
- secunia.com http://secunia.com/advisories/31074
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200801-20.xml
- securitytracker.com http://securitytracker.com/id?1019181
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm
- debian.org http://www.debian.org/security/2008/dsa-1461
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2008:010
- novell.com http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2008-0032.html
- securityfocus.com http://www.securityfocus.com/archive/1/486410/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/490306/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/27248
- vupen.com http://www.vupen.com/english/advisories/2008/0117
- vupen.com http://www.vupen.com/english/advisories/2008/0144
- vupen.com http://www.vupen.com/english/advisories/2008/1033/references
- vupen.com http://www.vupen.com/english/advisories/2008/2094/references
- xmlsoft.org http://www.xmlsoft.org/news.html
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=425927
- issues.rpath.com https://issues.rpath.com/browse/RPL-2121
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216
- usn.ubuntu.com https://usn.ubuntu.com/569-1/
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html
Remediation
- redhat.com http://www.redhat.com/support/errata/RHSA-2008-0032.html