ALAS-2014-341 ---- libxml2ID: oval:org.secpod.oval:def:1600013 | Date: (C)2016-01-07 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
Platform: |
Amazon Linux AMI |