CVE-2009-2416

6.5 MEDIUM
Published: August 11, 2009
Modified: April 23, 2026

Description

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS v3.x Details

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/35036
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/36207
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/36338
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/36417
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/36631
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/37346
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/37471
Source: secalert@redhat.com
Broken Link
http://support.apple.com/kb/HT3937
Source: secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT3949
Source: secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT4225
Source: secalert@redhat.com
Third Party Advisory
http://www.codenomicon.com/labs/xml/
Source: secalert@redhat.com
Broken Link
http://www.debian.org/security/2009/dsa-1859
Source: secalert@redhat.com
Mailing List Patch
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
Source: secalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36010
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-815-1
Source: secalert@redhat.com
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/2420
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2009/3184
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2009/3217
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2009/3316
Source: secalert@redhat.com
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=515205
Source: secalert@redhat.com
Issue Tracking Patch
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://secunia.com/advisories/35036
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36207
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36338
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36417
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36631
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/37346
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/37471
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.apple.com/kb/HT3937
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT3949
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4225
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.codenomicon.com/labs/xml/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2009/dsa-1859
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Patch
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36010
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-815-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2009/2420
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2009/3184
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2009/3217
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2009/3316
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=515205
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

72 reference(s) from NVD

Quick Stats

CVSS v3 Score: 6.5 / 10.0
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian suse canonical xmlsoft sun apple fedoraproject redhat vmware opensuse +1 more