Bug 769160 – Use after free vulnerability related to XPointer range-to function

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 769160 - Use after free vulnerability related to XPointer range-to function


Summary:	Use after free vulnerability related to XPointer range-to function


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other All

Importance:	Normal major
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-07-25 16:48 UTC by David Dillard
Modified:	2016-10-12 18:09 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description David Dillard 2016-07-25 16:48:14 UTC

Per CVE-2016-5131, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131

"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function."

I looked through the open defects and the only one that I saw that looked sort of close was 306081, but that seemed to reproduce incorrect results, not a crash or remote code execution so I don't think it's the same.

Comment 1 Huzaifa Sidhpurwala (Red Hat Security Response) 2016-08-01 05:18:27 UTC

This is same as https://bugzilla.gnome.org/show_bug.cgi?id=768428 (closed security bug which contains all the details etc)