製品・ソフトウェアに関する情報

JVN脆弱性詳細

64-bit Linux プラットフォーム上の Google Chrome で使用される libxml2 における整数オーバーフローの脆弱性

Title	64-bit Linux プラットフォーム上の Google Chrome で使用される libxml2 における整数オーバーフローの脆弱性
Summary	64-bit Linux プラットフォーム上で稼働する Google Chrome で使用される libxml2 には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (DoS) 状態にされるなど、不特定の影響を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 26, 2012, midnight
Registration Date	June 28, 2012, 2:20 p.m.
Last Update	Feb. 3, 2014, 11:22 a.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

アップル

Apple TV 6.0 未満 (Apple TV 第 2 世代以降)

iOS 7 未満 (iPad 2 以降)

iOS 7 未満 (iPhone 4 以降)

iOS 7 未満 (iPod touch 第 5 世代以降)

iTunes 11.1.4 未満 (Windows 7)

iTunes 11.1.4 未満 (Windows 8)

iTunes 11.1.4 未満 (Windows Vista)

iTunes 11.1.4 未満 (Windows XP SP2 以降)

Google

Google Chrome 20.0.1132.43 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2807	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
National Vulnerability Database (NVD)
2	CVE-2012-2807	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807
SECURITY BLOG
3	CVE-2012-2807 Numeric Errors vulnerability in libxslt	https://blogs.oracle.com/sunsecurity/entry/cve_2012_2807_numeric_errors

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Mailing Lists
1	APPLE-SA-2013-09-18-2	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
2	APPLE-SA-2013-09-20-1	http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html
3	APPLE-SA-2013-10-22-8	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
Apple Security Updates
4	HT5934	http://support.apple.com/kb/HT5934
5	HT5935	http://support.apple.com/kb/HT5935
6	HT6001	http://support.apple.com/kb/HT6001
Apple セキュリティアップデート
7	HT5934	http://support.apple.com/kb/HT5934?viewlocale=ja_JP
8	HT5935	http://support.apple.com/kb/HT5935?viewlocale=ja_JP
9	HT6001	http://support.apple.com/kb/HT6001?viewlocale=ja_JP
Debian セキュリティ勧告
10	DSA-2521	http://www.debian.org/security/2012/dsa-2521
Google
11	Google Chrome	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja
12	Stable Channel Update	http://googlechromereleases.blogspot.jp/2012/06/stable-channel-update_26.html
opensuse-updates
13	openSUSE-SU-2012:0813	http://lists.opensuse.org/opensuse-updates/2012-07/msg00003.html
Security Advisories
14	MDVSA-2012:126	http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
15	MDVSA-2013:056	http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
Ubuntu Security Notice
16	USN-1587-1	http://www.ubuntu.com/usn/USN-1587-1

その他

No	Name	URL
JVN
1	JVNVU#94321146	http://jvn.jp/vu/JVNVU94321146/
2	JVNVU#95174988	http://jvn.jp/cert/JVNVU95174988/
3	JVNVU#98681940	http://jvn.jp/cert/JVNVU98681940/index.html

Change Log

No	Changed Details	Date of change
0	[2012年06月28日] 掲載 [2012年07月26日] ベンダ情報：Novell (openSUSE-SU-2012:0813) を追加 [2012年09月14日] ベンダ情報：Debian (DSA-2521) を追加 [2012年11月09日] ベンダ情報：Ubuntu (USN-1587-1) を追加 [2013年07月25日] ベンダ情報：オラクル (CVE-2012-2807 Numeric Errors vulnerability in libxslt) を追加 [2013年10月15日] 影響を受けるシステム：アップル (HT5934) の情報を追加影響を受けるシステム：アップル (HT5935) の情報を追加ベンダ情報：アップル (HT5934) を追加ベンダ情報：アップル (HT5935) を追加ベンダ情報：アップル (APPLE-SA-2013-09-18-2) を追加参考情報：JVN (JVNVU#98681940) を追加 [2013年11月08日] CVSS による深刻度：内容を更新影響を受けるシステム：アップル (HT6001) の情報を追加ベンダ情報：Mandriva, Inc. (MDVSA-2012:126) を追加ベンダ情報：Mandriva, Inc. (MDVSA-2013:056) を追加ベンダ情報：アップル (HT6001) を追加ベンダ情報：アップル (APPLE-SA-2013-09-20-1) を追加ベンダ情報：アップル (APPLE-SA-2013-10-22-8) を追加参考情報：JVN (JVNVU#95174988) を追加 [2014年02月03日] 影響を受けるシステム：内容を更新参考情報：JVN (JVNVU#94321146) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-2807

Summary	Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Publication Date	June 27, 2012, 7:18 p.m.
Registration Date	Jan. 28, 2021, 2:59 p.m.
Last Update	Nov. 21, 2024, 10:39 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::			20.0.1132.42
cpe:2.3:a:google:chrome:20.0.1132.0:::::::*
cpe:2.3:a:google:chrome:20.0.1132.1:::::::*
cpe:2.3:a:google:chrome:20.0.1132.2:::::::*
cpe:2.3:a:google:chrome:20.0.1132.3:::::::*
cpe:2.3:a:google:chrome:20.0.1132.4:::::::*
cpe:2.3:a:google:chrome:20.0.1132.5:::::::*
cpe:2.3:a:google:chrome:20.0.1132.6:::::::*
cpe:2.3:a:google:chrome:20.0.1132.7:::::::*
cpe:2.3:a:google:chrome:20.0.1132.8:::::::*
cpe:2.3:a:google:chrome:20.0.1132.9:::::::*
cpe:2.3:a:google:chrome:20.0.1132.10:::::::*
cpe:2.3:a:google:chrome:20.0.1132.11:::::::*
cpe:2.3:a:google:chrome:20.0.1132.12:::::::*
cpe:2.3:a:google:chrome:20.0.1132.13:::::::*
cpe:2.3:a:google:chrome:20.0.1132.14:::::::*
cpe:2.3:a:google:chrome:20.0.1132.15:::::::*
cpe:2.3:a:google:chrome:20.0.1132.16:::::::*
cpe:2.3:a:google:chrome:20.0.1132.17:::::::*
cpe:2.3:a:google:chrome:20.0.1132.18:::::::*
cpe:2.3:a:google:chrome:20.0.1132.19:::::::*
cpe:2.3:a:google:chrome:20.0.1132.20:::::::*
cpe:2.3:a:google:chrome:20.0.1132.21:::::::*
cpe:2.3:a:google:chrome:20.0.1132.22:::::::*
cpe:2.3:a:google:chrome:20.0.1132.23:::::::*
cpe:2.3:a:google:chrome:20.0.1132.24:::::::*
cpe:2.3:a:google:chrome:20.0.1132.25:::::::*
cpe:2.3:a:google:chrome:20.0.1132.26:::::::*
cpe:2.3:a:google:chrome:20.0.1132.27:::::::*
cpe:2.3:a:google:chrome:20.0.1132.28:::::::*
cpe:2.3:a:google:chrome:20.0.1132.29:::::::*
cpe:2.3:a:google:chrome:20.0.1132.30:::::::*
cpe:2.3:a:google:chrome:20.0.1132.31:::::::*
cpe:2.3:a:google:chrome:20.0.1132.32:::::::*
cpe:2.3:a:google:chrome:20.0.1132.33:::::::*
cpe:2.3:a:google:chrome:20.0.1132.34:::::::*
cpe:2.3:a:google:chrome:20.0.1132.35:::::::*
cpe:2.3:a:google:chrome:20.0.1132.36:::::::*
cpe:2.3:a:google:chrome:20.0.1132.37:::::::*
cpe:2.3:a:google:chrome:20.0.1132.38:::::::*
cpe:2.3:a:google:chrome:20.0.1132.39:::::::*
cpe:2.3:a:google:chrome:20.0.1132.40:::::::*
cpe:2.3:a:google:chrome:20.0.1132.41:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:::64-bit:::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os:6.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0:::::::*
cpe:2.3:o:apple:iphone_os:3.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
cpe:2.3:o:apple:iphone_os::::::::		6.1.4
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:6.1.3:::::::*
cpe:2.3:o:apple:iphone_os:5.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
cpe:2.3:o:apple:iphone_os:6.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:6.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
cpe:2.3:o:apple:iphone_os:6.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:5.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:5.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
cpe:2.3:o:apple:iphone_os:6.0.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://code.google.com/p/chromium/issues/detail?id=129930
2	http://code.google.com/p/chromium/issues/detail?id=129930
3	http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
4	http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
5	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
6	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
7	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
8	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
9	http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
10	http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
11	http://secunia.com/advisories/50658
12	http://secunia.com/advisories/50658
13	http://secunia.com/advisories/50800
14	http://secunia.com/advisories/50800
15	http://secunia.com/advisories/54886
16	http://secunia.com/advisories/54886
17	http://secunia.com/advisories/55568
18	http://secunia.com/advisories/55568
19	http://support.apple.com/kb/HT5934
20	http://support.apple.com/kb/HT5934
21	http://support.apple.com/kb/HT6001
22	http://support.apple.com/kb/HT6001
23	http://www.debian.org/security/2012/dsa-2521
24	http://www.debian.org/security/2012/dsa-2521
25	http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
26	http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
27	http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
28	http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
29	http://www.securityfocus.com/bid/54718
30	http://www.securityfocus.com/bid/54718
31	http://www.ubuntu.com/usn/USN-1587-1
32	http://www.ubuntu.com/usn/USN-1587-1
33	https://hermes.opensuse.org/messages/15075728
34	https://hermes.opensuse.org/messages/15075728
35	https://hermes.opensuse.org/messages/15375990
36	https://hermes.opensuse.org/messages/15375990

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::			20.0.1132.42
cpe:2.3:a:google:chrome:20.0.1132.0:::::::*
cpe:2.3:a:google:chrome:20.0.1132.1:::::::*
cpe:2.3:a:google:chrome:20.0.1132.2:::::::*
cpe:2.3:a:google:chrome:20.0.1132.3:::::::*
cpe:2.3:a:google:chrome:20.0.1132.4:::::::*
cpe:2.3:a:google:chrome:20.0.1132.5:::::::*
cpe:2.3:a:google:chrome:20.0.1132.6:::::::*
cpe:2.3:a:google:chrome:20.0.1132.7:::::::*
cpe:2.3:a:google:chrome:20.0.1132.8:::::::*
cpe:2.3:a:google:chrome:20.0.1132.9:::::::*
cpe:2.3:a:google:chrome:20.0.1132.10:::::::*
cpe:2.3:a:google:chrome:20.0.1132.11:::::::*
cpe:2.3:a:google:chrome:20.0.1132.12:::::::*
cpe:2.3:a:google:chrome:20.0.1132.13:::::::*
cpe:2.3:a:google:chrome:20.0.1132.14:::::::*
cpe:2.3:a:google:chrome:20.0.1132.15:::::::*
cpe:2.3:a:google:chrome:20.0.1132.16:::::::*
cpe:2.3:a:google:chrome:20.0.1132.17:::::::*
cpe:2.3:a:google:chrome:20.0.1132.18:::::::*
cpe:2.3:a:google:chrome:20.0.1132.19:::::::*
cpe:2.3:a:google:chrome:20.0.1132.20:::::::*
cpe:2.3:a:google:chrome:20.0.1132.21:::::::*
cpe:2.3:a:google:chrome:20.0.1132.22:::::::*
cpe:2.3:a:google:chrome:20.0.1132.23:::::::*
cpe:2.3:a:google:chrome:20.0.1132.24:::::::*
cpe:2.3:a:google:chrome:20.0.1132.25:::::::*
cpe:2.3:a:google:chrome:20.0.1132.26:::::::*
cpe:2.3:a:google:chrome:20.0.1132.27:::::::*
cpe:2.3:a:google:chrome:20.0.1132.28:::::::*
cpe:2.3:a:google:chrome:20.0.1132.29:::::::*
cpe:2.3:a:google:chrome:20.0.1132.30:::::::*
cpe:2.3:a:google:chrome:20.0.1132.31:::::::*
cpe:2.3:a:google:chrome:20.0.1132.32:::::::*
cpe:2.3:a:google:chrome:20.0.1132.33:::::::*
cpe:2.3:a:google:chrome:20.0.1132.34:::::::*
cpe:2.3:a:google:chrome:20.0.1132.35:::::::*
cpe:2.3:a:google:chrome:20.0.1132.36:::::::*
cpe:2.3:a:google:chrome:20.0.1132.37:::::::*
cpe:2.3:a:google:chrome:20.0.1132.38:::::::*
cpe:2.3:a:google:chrome:20.0.1132.39:::::::*
cpe:2.3:a:google:chrome:20.0.1132.40:::::::*
cpe:2.3:a:google:chrome:20.0.1132.41:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:::64-bit:::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os:6.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0:::::::*
cpe:2.3:o:apple:iphone_os:3.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
cpe:2.3:o:apple:iphone_os::::::::		6.1.4
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:6.1.3:::::::*
cpe:2.3:o:apple:iphone_os:5.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
cpe:2.3:o:apple:iphone_os:6.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:6.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
cpe:2.3:o:apple:iphone_os:6.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:5.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:5.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
cpe:2.3:o:apple:iphone_os:6.0.1:::::::*