libxml2 is vulnerable to buffer overflows, which allow a crafted XML input file to potentially execute arbitrary code.
Package: libxml2 version 2.7.8. Other versions may also be affected.
Libxml2 XPath Nodeset Processing Vulnerability
Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny4.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-3.
The vulnerability is caused by an error when reallocating memory in xpath.c during the processing of an XPath nodeset. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPath expression. Successful exploitation may allow execution of arbitrary code.