Remote overflows exist in Libxml2. libxml's nanoftp.c xmlNanoFTPConnect() and nanohttp.c xmlNanoHTTPConnectHost() functions fail to properly perform boundary checking of DNS replies, an issue that could potentially cause stack-based overflows. Using specially-crafted DNS replies, an attacker that has hijacked or is controlling a DNS server can cause a denial of service or execute arbitrary code, resulting in a loss of availability or integrity.
Remote / Network Access
Loss of Integrity,
Loss of Availability
Upgrade to version 2.6.15 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.