Unrated severity · NVD Advisory · Published Sep 2, 2011 · Updated Apr 29, 2026
CVE-2011-1944
Description
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Affected products
- cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:*:*:*:*:*:*:*:* (range: <=1.8.16)
- cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- git.gnome.org/browse/libxml2/commit/ (nvd: Patch)
- scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html (nvd: Patch, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html (nvd: Exploit, Patch)
- www.openwall.com/lists/oss-security/2011/05/31/8 (nvd: Exploit, Patch)
- www.securityfocus.com/bid/48056 (nvd: Exploit)
- bugzilla.redhat.com/show_bug.cgi (nvd: Exploit, Patch)
- secunia.com/advisories/44711 (nvd: Vendor Advisory)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- lists.apple.com/archives/security-announce/2012/May/msg00001.html (nvd)
- lists.apple.com/archives/security-announce/2012/Sep/msg00003.html (nvd)
- lists.opensuse.org/opensuse-updates/2011-07/msg00035.html (nvd)
- rhn.redhat.com/errata/RHSA-2013-0217.html (nvd)
- support.apple.com/kb/HT5281 (nvd)
- support.apple.com/kb/HT5503 (nvd)
- ubuntu.com/usn/usn-1153-1 (nvd)
- www.debian.org/security/2011/dsa-2255 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (nvd)
- www.osvdb.org/73248 (nvd)
- www.redhat.com/support/errata/RHSA-2011-1749.html (nvd)