Heap-based buffer underflow vulnerability in the xmlParseAttValueComplex function in Google Chrome via crafted entities in an XML document (dpkg)ID: oval:org.secpod.oval:def:8132 | Date: (C)2012-12-05 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Google Chrome before 23.0.1271.91 and is prone to heap-based buffer underflow vulnerability. A flaw is present in the application, which fails to properly handle the xmlParseAttValueComplex function in parser.c in libxml2. Successful exploitation allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.