Search for vulnerabilities
Vulnerability details: VCID-duhr-pgya-aaaq
Vulnerability ID VCID-duhr-pgya-aaaq
Aliases CVE-2007-6284
Summary The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-399 Resource Management Errors
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2008:0032
epss 0.00820 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.00820 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.01395 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.01395 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.01802 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.02371 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.05559 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.06606 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
epss 0.09957 https://api.first.org/data/v1/epss?cve=CVE-2007-6284
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2007-6284
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=202628
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2008/000009.html
http://mail.gnome.org/archives/xml/2008-January/msg00036.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6284.json
https://api.first.org/data/v1/epss?cve=CVE-2007-6284
https://bugzilla.redhat.com/show_bug.cgi?id=425927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284
http://secunia.com/advisories/28439
http://secunia.com/advisories/28444
http://secunia.com/advisories/28450
http://secunia.com/advisories/28452
http://secunia.com/advisories/28458
http://secunia.com/advisories/28466
http://secunia.com/advisories/28470
http://secunia.com/advisories/28475
http://secunia.com/advisories/28636
http://secunia.com/advisories/28716
http://secunia.com/advisories/28740
http://secunia.com/advisories/29591
http://secunia.com/advisories/31074
http://security.gentoo.org/glsa/glsa-200801-20.xml
http://securitytracker.com/id?1019181
https://issues.rpath.com/browse/RPL-2121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1
http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm
https://usn.ubuntu.com/569-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html
http://www.debian.org/security/2008/dsa-1461
http://www.mandriva.com/security/advisories?name=MDVSA-2008:010
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.redhat.com/support/errata/RHSA-2008-0032.html
http://www.securityfocus.com/archive/1/486410/100/0/threaded
http://www.securityfocus.com/archive/1/490306/100/0/threaded
http://www.securityfocus.com/bid/27248
http://www.vupen.com/english/advisories/2008/0117
http://www.vupen.com/english/advisories/2008/0144
http://www.vupen.com/english/advisories/2008/1033/references
http://www.vupen.com/english/advisories/2008/2094/references
http://www.xmlsoft.org/news.html
460292 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460292
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
CVE-2007-6284 https://nvd.nist.gov/vuln/detail/CVE-2007-6284
GLSA-200801-20 https://security.gentoo.org/glsa/200801-20
RHSA-2008:0032 https://access.redhat.com/errata/RHSA-2008:0032
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-6284
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.81648
EPSS Score 0.00820
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.