libxml2: external parameter entity loaded when entity substitution is disabled
It was found that libxml2 incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
-
Submitted by
Stefan Lijewski (lijews)
Fixed bugs
bnc#876652
VUL-0: CVE-2014-0191: libxml2: external parameter entity loaded when entity substitution is disabled
