CVE-2011-1944

EPSS 23.7%

libxml2 - buffer overflow

Published: 9/2/2011Modified: 4/28/2026

Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Affected packages (2)

Debian/libxml2from 0, < 2.7.8.dfsg-3
Debian/libxml2from 0, < 2.6.32.dfsg-5+lenny4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1944