Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

Remediation

References

CVE-2013-4113

Related Vulnerabilities

Phusion Passenger Other Vulnerability (CVE-2014-1831)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1617)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.5.55)

WordPress Plugin Cool Flickr Slideshow Cross-Site Scripting (1.0)

WordPress Plugin All in One Support Button+Callback Request. WhatsApp, Messenger, Telegram, LiveChat and more Cross-Site Scripting (1.8.7)

Severity

Medium

Classification

CVE-2013-4113 CWE-119

Tags

Missing Update Known Vulnerabilities