Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160126170245.GA2314@eldamar.local>
Date: Tue, 26 Jan 2016 18:02:45 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Out-of-bounds Read in the libxml2's
 htmlParseNameComplex() function

Hi,

On Mon, Jan 25, 2016 at 08:01:08AM +0000, limingxing wrote:
> 
> 
> Hello,
> We find a vulnerability in the way libxml2's htmlParseNameComplex() function parsed certain xml file.
> I was successful in reproducing this issuel in the latest version of libxml2(git clone git://git.gnome.org/libxml2).
> HTMLparser.c line:2517 :
> 
>        return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> 
> "ctxt->input->cur - len"  cause Out-of-bounds Read.

While checking upstream bugzilla to see if that was reported I noticed

https://bugzilla.gnome.org/show_bug.cgi?id=749115

Does this have the same root cause?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.