Unrated severityNVD Advisory· Published Jan 12, 2008· Updated Apr 23, 2026

CVE-2007-6284

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Affected products

Debian/Debian Linux26 versions
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
Mandrakesoft/Mandrake Linux6 versions
cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*
Mandrakesoft/Mandrake Linux Corporate Server4 versions
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
Red Hat/Fedora2 versions
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2008-0032.htmlnvdPatch
secunia.com/advisories/28439nvdVendor Advisory
secunia.com/advisories/28444nvdVendor Advisory
secunia.com/advisories/28450nvdVendor Advisory
secunia.com/advisories/28452nvdVendor Advisory
secunia.com/advisories/28458nvdVendor Advisory
secunia.com/advisories/28466nvdVendor Advisory
secunia.com/advisories/28470nvdVendor Advisory
secunia.com/advisories/28475nvdVendor Advisory
secunia.com/advisories/28636nvdVendor Advisory
secunia.com/advisories/28716nvdVendor Advisory
bugs.gentoo.org/show_bug.cginvd
lists.apple.com/archives/security-announce/2008//Jul/msg00001.htmlnvd
lists.vmware.com/pipermail/security-announce/2008/000009.htmlnvd
mail.gnome.org/archives/xml/2008-January/msg00036.htmlnvd
secunia.com/advisories/28740nvd
secunia.com/advisories/29591nvd
secunia.com/advisories/31074nvd
security.gentoo.org/glsa/glsa-200801-20.xmlnvd
securitytracker.com/idnvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
support.avaya.com/elmodocs2/security/ASA-2008-047.htmnvd
support.avaya.com/elmodocs2/security/ASA-2008-050.htmnvd
www.debian.org/security/2008/dsa-1461nvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/suse_security_summary_report.htmlnvd
www.securityfocus.com/archive/1/486410/100/0/threadednvd
www.securityfocus.com/archive/1/490306/100/0/threadednvd
www.securityfocus.com/bid/27248nvd
www.vupen.com/english/advisories/2008/0117nvd
www.vupen.com/english/advisories/2008/0144nvd
www.vupen.com/english/advisories/2008/1033/referencesnvd
www.vupen.com/english/advisories/2008/2094/referencesnvd
www.xmlsoft.org/news.htmlnvd
bugzilla.redhat.com/show_bug.cginvd
issues.rpath.com/browse/RPL-2121nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216nvd
usn.ubuntu.com/569-1/nvd
www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000