CVE-2007-6284

Publication date 12 January 2008

Last updated 24 July 2024

Ubuntu priority

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libxml2	7.10 gutsy	Fixed 2.6.30.dfsg-2ubuntu1.1
	7.04 feisty	Fixed 2.6.27.dfsg-1ubuntu3.1
	6.10 edgy	Fixed 2.6.26.dfsg-2ubuntu4.1
	6.06 LTS dapper	Fixed 2.6.24.dfsg-1ubuntu1.1

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

private reproducer and patch on vendor-sec. DoS, but widely used

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-569-1
libxml2 vulnerability
14 January 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6284