Unrated severityNVD Advisory· Published Aug 11, 2009· Updated Apr 23, 2026
CVE-2009-2414
CVE-2009-2414
Description
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
Affected products
6cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
36- www.debian.org/security/2009/dsa-1859nvdPatch
- googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.htmlnvd
- lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlnvd
- lists.apple.com/archives/security-announce/2009/Nov/msg00001.htmlnvd
- lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlnvd
- secunia.com/advisories/35036nvd
- secunia.com/advisories/36207nvd
- secunia.com/advisories/36338nvd
- secunia.com/advisories/36417nvd
- secunia.com/advisories/36631nvd
- secunia.com/advisories/37346nvd
- secunia.com/advisories/37471nvd
- support.apple.com/kb/HT3937nvd
- support.apple.com/kb/HT3949nvd
- support.apple.com/kb/HT4225nvd
- www.cert.fi/en/reports/2009/vulnerability2009085.htmlnvd
- www.codenomicon.com/labs/xml/nvd
- www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.htmlnvd
- www.networkworld.com/columnists/2009/080509-xml-flaw.htmlnvd
- www.openoffice.org/security/cves/CVE-2009-2414-2416.htmlnvd
- www.securityfocus.com/archive/1/507985/100/0/threadednvd
- www.securityfocus.com/bid/36010nvd
- www.ubuntu.com/usn/USN-815-1nvd
- www.vmware.com/security/advisories/VMSA-2009-0016.htmlnvd
- www.vupen.com/english/advisories/2009/2420nvd
- www.vupen.com/english/advisories/2009/3184nvd
- www.vupen.com/english/advisories/2009/3217nvd
- www.vupen.com/english/advisories/2009/3316nvd
- bugzilla.redhat.com/show_bug.cginvd
- git.gnome.org/browse/libxml2/commit/nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639nvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.htmlnvd
News mentions
0No linked articles in our index yet.