VIR Vulnerability Intelligence Relay

CVE-2013-0339

medium
Published 2014-01-21 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-0339

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/55568

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/52662

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.8.0+dfsg1-7+nmu1
debian debianbullseyefixed2.8.0+dfsg1-7+nmu1
debian debianforkyfixed2.8.0+dfsg1-7+nmu1
debian debiansidfixed2.8.0+dfsg1-7+nmu1
debian debiantrixiefixed2.8.0+dfsg1-7+nmu1
debian debian6.0affected
debian debian7.0affected
ubuntu ubuntu10.04affected
ubuntu ubuntu12.04affected
ubuntu ubuntu12.10affected
ubuntu ubuntu13.04affected
suse suse10affected

Application impact
VendorProductVersionsFixed
xmlsoftlibxml2{"endIncluding":"2.9.1"}
xmlsoftlibxml21.7.0
xmlsoftlibxml21.7.1
xmlsoftlibxml21.7.2
xmlsoftlibxml21.7.3
xmlsoftlibxml21.7.4
xmlsoftlibxml21.8.0
xmlsoftlibxml21.8.1
xmlsoftlibxml21.8.2
xmlsoftlibxml21.8.3
xmlsoftlibxml21.8.4
xmlsoftlibxml21.8.5
xmlsoftlibxml21.8.6
xmlsoftlibxml21.8.7
xmlsoftlibxml21.8.9
xmlsoftlibxml21.8.10
xmlsoftlibxml21.8.13
xmlsoftlibxml21.8.14
xmlsoftlibxml21.8.16
xmlsoftlibxml22.0.0
xmlsoftlibxml22.1.0
xmlsoftlibxml22.1.1
xmlsoftlibxml22.2.0
xmlsoftlibxml22.2.1
xmlsoftlibxml22.2.2
xmlsoftlibxml22.2.3
xmlsoftlibxml22.2.4
xmlsoftlibxml22.2.5
xmlsoftlibxml22.2.6
xmlsoftlibxml22.2.7
xmlsoftlibxml22.2.8
xmlsoftlibxml22.2.9
xmlsoftlibxml22.2.10
xmlsoftlibxml22.2.11
xmlsoftlibxml22.3.0
xmlsoftlibxml22.3.1
xmlsoftlibxml22.3.2
xmlsoftlibxml22.3.3
xmlsoftlibxml22.3.4
xmlsoftlibxml22.3.5
xmlsoftlibxml22.3.6
xmlsoftlibxml22.3.7
xmlsoftlibxml22.3.8
xmlsoftlibxml22.3.9
xmlsoftlibxml22.3.10
xmlsoftlibxml22.3.11
xmlsoftlibxml22.3.12
xmlsoftlibxml22.3.13
xmlsoftlibxml22.3.14
xmlsoftlibxml22.4.1
xmlsoftlibxml22.4.2
xmlsoftlibxml22.4.3
xmlsoftlibxml22.4.4
xmlsoftlibxml22.4.5
xmlsoftlibxml22.4.6
xmlsoftlibxml22.4.7
xmlsoftlibxml22.4.8
xmlsoftlibxml22.4.9
xmlsoftlibxml22.4.10
xmlsoftlibxml22.4.11
xmlsoftlibxml22.4.12
xmlsoftlibxml22.4.13
xmlsoftlibxml22.4.14
xmlsoftlibxml22.4.15
xmlsoftlibxml22.4.16
xmlsoftlibxml22.4.17
xmlsoftlibxml22.4.18
xmlsoftlibxml22.4.19
xmlsoftlibxml22.4.20
xmlsoftlibxml22.4.21
xmlsoftlibxml22.4.22
xmlsoftlibxml22.4.23
xmlsoftlibxml22.4.24
xmlsoftlibxml22.4.25
xmlsoftlibxml22.4.26
xmlsoftlibxml22.4.27
xmlsoftlibxml22.4.28
xmlsoftlibxml22.4.29
xmlsoftlibxml22.4.30
xmlsoftlibxml22.5.0
xmlsoftlibxml22.5.4
xmlsoftlibxml22.5.7
xmlsoftlibxml22.5.8
xmlsoftlibxml22.5.10
xmlsoftlibxml22.5.11
xmlsoftlibxml22.6.0
xmlsoftlibxml22.6.1
xmlsoftlibxml22.6.2
xmlsoftlibxml22.6.3
xmlsoftlibxml22.6.4
xmlsoftlibxml22.6.5
xmlsoftlibxml22.6.6
xmlsoftlibxml22.6.7
xmlsoftlibxml22.6.8
xmlsoftlibxml22.6.9
xmlsoftlibxml22.6.11
xmlsoftlibxml22.6.12
xmlsoftlibxml22.6.13
xmlsoftlibxml22.6.14
xmlsoftlibxml22.6.16
xmlsoftlibxml22.6.17
xmlsoftlibxml22.6.18
xmlsoftlibxml22.6.20
xmlsoftlibxml22.6.21
xmlsoftlibxml22.6.22
xmlsoftlibxml22.6.23
xmlsoftlibxml22.6.24
xmlsoftlibxml22.6.25
xmlsoftlibxml22.6.26
xmlsoftlibxml22.6.27
xmlsoftlibxml22.6.28
xmlsoftlibxml22.6.29
xmlsoftlibxml22.6.30
xmlsoftlibxml22.6.31
xmlsoftlibxml22.6.32
xmlsoftlibxml22.7.0
xmlsoftlibxml22.7.1
xmlsoftlibxml22.7.2
xmlsoftlibxml22.7.3
xmlsoftlibxml22.7.4
xmlsoftlibxml22.7.5
xmlsoftlibxml22.7.6
xmlsoftlibxml22.7.7
xmlsoftlibxml22.7.8
xmlsoftlibxml22.8.0
xmlsoftlibxml22.9.0

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.