parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the billion laughs attack.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libxml2 | Xmlsoft | * | 2.9.1 (including) |
| Libxml2 | Xmlsoft | 2.0.0 (including) | 2.0.0 (including) |
| Libxml2 | Xmlsoft | 2.1.0 (including) | 2.1.0 (including) |
| Libxml2 | Xmlsoft | 2.1.1 (including) | 2.1.1 (including) |
| Libxml2 | Xmlsoft | 2.2.0 (including) | 2.2.0 (including) |
| Libxml2 | Xmlsoft | 2.2.0-beta (including) | 2.2.0-beta (including) |
| Libxml2 | Xmlsoft | 2.2.1 (including) | 2.2.1 (including) |
| Libxml2 | Xmlsoft | 2.2.2 (including) | 2.2.2 (including) |
| Libxml2 | Xmlsoft | 2.2.3 (including) | 2.2.3 (including) |
| Libxml2 | Xmlsoft | 2.2.4 (including) | 2.2.4 (including) |
| Libxml2 | Xmlsoft | 2.2.5 (including) | 2.2.5 (including) |
| Libxml2 | Xmlsoft | 2.2.6 (including) | 2.2.6 (including) |
| Libxml2 | Xmlsoft | 2.2.7 (including) | 2.2.7 (including) |
| Libxml2 | Xmlsoft | 2.2.8 (including) | 2.2.8 (including) |
| Libxml2 | Xmlsoft | 2.2.9 (including) | 2.2.9 (including) |
| Libxml2 | Xmlsoft | 2.2.10 (including) | 2.2.10 (including) |
| Libxml2 | Xmlsoft | 2.2.11 (including) | 2.2.11 (including) |
| Libxml2 | Xmlsoft | 2.3.0 (including) | 2.3.0 (including) |
| Libxml2 | Xmlsoft | 2.3.1 (including) | 2.3.1 (including) |
| Libxml2 | Xmlsoft | 2.3.2 (including) | 2.3.2 (including) |
| Libxml2 | Xmlsoft | 2.3.3 (including) | 2.3.3 (including) |
| Libxml2 | Xmlsoft | 2.3.4 (including) | 2.3.4 (including) |
| Libxml2 | Xmlsoft | 2.3.5 (including) | 2.3.5 (including) |
| Libxml2 | Xmlsoft | 2.3.6 (including) | 2.3.6 (including) |
| Libxml2 | Xmlsoft | 2.3.7 (including) | 2.3.7 (including) |
| Libxml2 | Xmlsoft | 2.3.8 (including) | 2.3.8 (including) |
| Libxml2 | Xmlsoft | 2.3.9 (including) | 2.3.9 (including) |
| Libxml2 | Xmlsoft | 2.3.10 (including) | 2.3.10 (including) |
| Libxml2 | Xmlsoft | 2.3.11 (including) | 2.3.11 (including) |
| Libxml2 | Xmlsoft | 2.3.12 (including) | 2.3.12 (including) |
| Libxml2 | Xmlsoft | 2.3.13 (including) | 2.3.13 (including) |
| Libxml2 | Xmlsoft | 2.3.14 (including) | 2.3.14 (including) |
| Libxml2 | Xmlsoft | 2.4.1 (including) | 2.4.1 (including) |
| Libxml2 | Xmlsoft | 2.4.2 (including) | 2.4.2 (including) |
| Libxml2 | Xmlsoft | 2.4.3 (including) | 2.4.3 (including) |
| Libxml2 | Xmlsoft | 2.4.4 (including) | 2.4.4 (including) |
| Libxml2 | Xmlsoft | 2.4.5 (including) | 2.4.5 (including) |
| Libxml2 | Xmlsoft | 2.4.6 (including) | 2.4.6 (including) |
| Libxml2 | Xmlsoft | 2.4.7 (including) | 2.4.7 (including) |
| Libxml2 | Xmlsoft | 2.4.8 (including) | 2.4.8 (including) |
| Libxml2 | Xmlsoft | 2.4.9 (including) | 2.4.9 (including) |
| Libxml2 | Xmlsoft | 2.4.10 (including) | 2.4.10 (including) |
| Libxml2 | Xmlsoft | 2.4.11 (including) | 2.4.11 (including) |
| Libxml2 | Xmlsoft | 2.4.12 (including) | 2.4.12 (including) |
| Libxml2 | Xmlsoft | 2.4.13 (including) | 2.4.13 (including) |
| Libxml2 | Xmlsoft | 2.4.14 (including) | 2.4.14 (including) |
| Libxml2 | Xmlsoft | 2.4.15 (including) | 2.4.15 (including) |
| Libxml2 | Xmlsoft | 2.4.16 (including) | 2.4.16 (including) |
| Libxml2 | Xmlsoft | 2.4.17 (including) | 2.4.17 (including) |
| Libxml2 | Xmlsoft | 2.4.18 (including) | 2.4.18 (including) |
| Libxml2 | Xmlsoft | 2.4.19 (including) | 2.4.19 (including) |
| Libxml2 | Xmlsoft | 2.4.20 (including) | 2.4.20 (including) |
| Libxml2 | Xmlsoft | 2.4.21 (including) | 2.4.21 (including) |
| Libxml2 | Xmlsoft | 2.4.22 (including) | 2.4.22 (including) |
| Libxml2 | Xmlsoft | 2.4.23 (including) | 2.4.23 (including) |
| Libxml2 | Xmlsoft | 2.4.24 (including) | 2.4.24 (including) |
| Libxml2 | Xmlsoft | 2.4.25 (including) | 2.4.25 (including) |
| Libxml2 | Xmlsoft | 2.4.26 (including) | 2.4.26 (including) |
| Libxml2 | Xmlsoft | 2.4.27 (including) | 2.4.27 (including) |
| Libxml2 | Xmlsoft | 2.4.28 (including) | 2.4.28 (including) |
| Libxml2 | Xmlsoft | 2.4.29 (including) | 2.4.29 (including) |
| Libxml2 | Xmlsoft | 2.4.30 (including) | 2.4.30 (including) |
| Libxml2 | Xmlsoft | 2.5.0 (including) | 2.5.0 (including) |
| Libxml2 | Xmlsoft | 2.5.4 (including) | 2.5.4 (including) |
| Libxml2 | Xmlsoft | 2.5.7 (including) | 2.5.7 (including) |
| Libxml2 | Xmlsoft | 2.5.8 (including) | 2.5.8 (including) |
| Libxml2 | Xmlsoft | 2.5.10 (including) | 2.5.10 (including) |
| Libxml2 | Xmlsoft | 2.5.11 (including) | 2.5.11 (including) |
| Libxml2 | Xmlsoft | 2.6.0 (including) | 2.6.0 (including) |
| Libxml2 | Xmlsoft | 2.6.1 (including) | 2.6.1 (including) |
| Libxml2 | Xmlsoft | 2.6.2 (including) | 2.6.2 (including) |
| Libxml2 | Xmlsoft | 2.6.3 (including) | 2.6.3 (including) |
| Libxml2 | Xmlsoft | 2.6.4 (including) | 2.6.4 (including) |
| Libxml2 | Xmlsoft | 2.6.5 (including) | 2.6.5 (including) |
| Libxml2 | Xmlsoft | 2.6.6 (including) | 2.6.6 (including) |
| Libxml2 | Xmlsoft | 2.6.7 (including) | 2.6.7 (including) |
| Libxml2 | Xmlsoft | 2.6.8 (including) | 2.6.8 (including) |
| Libxml2 | Xmlsoft | 2.6.9 (including) | 2.6.9 (including) |
| Libxml2 | Xmlsoft | 2.6.11 (including) | 2.6.11 (including) |
| Libxml2 | Xmlsoft | 2.6.12 (including) | 2.6.12 (including) |
| Libxml2 | Xmlsoft | 2.6.13 (including) | 2.6.13 (including) |
| Libxml2 | Xmlsoft | 2.6.14 (including) | 2.6.14 (including) |
| Libxml2 | Xmlsoft | 2.6.16 (including) | 2.6.16 (including) |
| Libxml2 | Xmlsoft | 2.6.17 (including) | 2.6.17 (including) |
| Libxml2 | Xmlsoft | 2.6.18 (including) | 2.6.18 (including) |
| Libxml2 | Xmlsoft | 2.6.20 (including) | 2.6.20 (including) |
| Libxml2 | Xmlsoft | 2.6.21 (including) | 2.6.21 (including) |
| Libxml2 | Xmlsoft | 2.6.22 (including) | 2.6.22 (including) |
| Libxml2 | Xmlsoft | 2.6.23 (including) | 2.6.23 (including) |
| Libxml2 | Xmlsoft | 2.6.24 (including) | 2.6.24 (including) |
| Libxml2 | Xmlsoft | 2.6.25 (including) | 2.6.25 (including) |
| Libxml2 | Xmlsoft | 2.6.26 (including) | 2.6.26 (including) |
| Libxml2 | Xmlsoft | 2.6.27 (including) | 2.6.27 (including) |
| Libxml2 | Xmlsoft | 2.6.28 (including) | 2.6.28 (including) |
| Libxml2 | Xmlsoft | 2.6.29 (including) | 2.6.29 (including) |
| Libxml2 | Xmlsoft | 2.6.30 (including) | 2.6.30 (including) |
| Libxml2 | Xmlsoft | 2.6.31 (including) | 2.6.31 (including) |
| Libxml2 | Xmlsoft | 2.6.32 (including) | 2.6.32 (including) |
| Libxml2 | Xmlsoft | 2.7.0 (including) | 2.7.0 (including) |
| Libxml2 | Xmlsoft | 2.7.1 (including) | 2.7.1 (including) |
| Libxml2 | Xmlsoft | 2.7.2 (including) | 2.7.2 (including) |
| Libxml2 | Xmlsoft | 2.7.3 (including) | 2.7.3 (including) |
| Libxml2 | Xmlsoft | 2.7.4 (including) | 2.7.4 (including) |
| Libxml2 | Xmlsoft | 2.7.5 (including) | 2.7.5 (including) |
| Libxml2 | Xmlsoft | 2.7.6 (including) | 2.7.6 (including) |
| Libxml2 | Xmlsoft | 2.7.7 (including) | 2.7.7 (including) |
| Libxml2 | Xmlsoft | 2.7.8 (including) | 2.7.8 (including) |
| Libxml2 | Xmlsoft | 2.8.0 (including) | 2.8.0 (including) |
| Libxml2 | Xmlsoft | 2.9.0 (including) | 2.9.0 (including) |
| Libxml2 | Xmlsoft | 2.9.0-rc1 (including) | 2.9.0-rc1 (including) |
| Red Hat Enterprise Linux 5 | RedHat | libxml2-0:2.6.26-2.1.25.el5_11 | * |
| Red Hat Enterprise Linux 6 | RedHat | libxml2-0:2.7.6-17.el6_6.1 | * |
| Red Hat Enterprise Linux 7 | RedHat | libxml2-0:2.9.1-5.el7_0.1 | * |
| Libxml2 | Ubuntu | devel | * |
| Libxml2 | Ubuntu | lucid | * |
| Libxml2 | Ubuntu | precise | * |
| Libxml2 | Ubuntu | trusty | * |
| Libxml2 | Ubuntu | upstream | * |
| Libxml2 | Ubuntu | utopic | * |