libxml2

• Author: kikadf
• Vulnerable: 2.8.0-1
• Unaffected: 2.8.0-2arcturus1

It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. It was discovered that libxml2 would load XML external entities by default. It was discovered that libxml2 incorrectly handled documents that end abruptly. Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191