CVE-2014-2525

EPSS 61.9%

libyaml - security update

Published: 3/28/2014Modified: 4/28/2026

Description

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Affected packages (4)

Debian/libyamlfrom 0, < 0.1.4-3.2
Debian/libyamlfrom 0, < 0.1.3-1+deb6u4
Debian/libyaml-libyaml-perlfrom 0, < 0.41-5
Debian/libyaml-libyaml-perlfrom 0, < 0.33-1+squeeze3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2525