CVE-2012-5134

Name: CVE-2012-5134
Creator: NVD / NIST
Published: 2012-11-28T01:55:01.323+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.38%

Last modified Jun 16, 2026

CVE-2012-5134 is a vulnerability of currently unknown severity. Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.. EPSS estimates a 4.38% chance of exploitation in the next 30 days.

Description

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

Metrics

EPSS Probability

4.38%

90.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Google	Chrome	<= 23.0.1271.89	—
Google	Chrome	23.0.1271.0	—
Google	Chrome	23.0.1271.1	—
Google	Chrome	23.0.1271.2	—
Google	Chrome	23.0.1271.3	—
Google	Chrome	23.0.1271.4	—
Google	Chrome	23.0.1271.5	—
Google	Chrome	23.0.1271.6	—
Google	Chrome	23.0.1271.7	—
Google	Chrome	23.0.1271.8	—
Google	Chrome	23.0.1271.10	—
Google	Chrome	23.0.1271.11	—
Google	Chrome	23.0.1271.12	—
Google	Chrome	23.0.1271.13	—
Google	Chrome	23.0.1271.14	—
Google	Chrome	23.0.1271.15	—
Google	Chrome	23.0.1271.16	—
Google	Chrome	23.0.1271.17	—
Google	Chrome	23.0.1271.18	—
Google	Chrome	23.0.1271.19	—
Google	Chrome	23.0.1271.20	—
Google	Chrome	23.0.1271.21	—
Google	Chrome	23.0.1271.22	—
Google	Chrome	23.0.1271.23	—
Google	Chrome	23.0.1271.24	—
Google	Chrome	23.0.1271.26	—
Google	Chrome	23.0.1271.30	—
Google	Chrome	23.0.1271.31	—
Google	Chrome	23.0.1271.32	—
Google	Chrome	23.0.1271.33	—
Google	Chrome	23.0.1271.35	—
Google	Chrome	23.0.1271.36	—
Google	Chrome	23.0.1271.37	—
Google	Chrome	23.0.1271.38	—
Google	Chrome	23.0.1271.39	—
Google	Chrome	23.0.1271.40	—
Google	Chrome	23.0.1271.41	—
Google	Chrome	23.0.1271.44	—
Google	Chrome	23.0.1271.45	—
Google	Chrome	23.0.1271.46	—
Google	Chrome	23.0.1271.49	—
Google	Chrome	23.0.1271.50	—
Google	Chrome	23.0.1271.51	—
Google	Chrome	23.0.1271.52	—
Google	Chrome	23.0.1271.53	—
Google	Chrome	23.0.1271.54	—
Google	Chrome	23.0.1271.55	—
Google	Chrome	23.0.1271.56	—
Google	Chrome	23.0.1271.57	—
Google	Chrome	23.0.1271.58	—

Showing 50 of 225 affected configurations. See NVD for the full list.

References

Timeline

Published: Nov 28, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-5134?

How severe is CVE-2012-5134?

Severity scoring for CVE-2012-5134 is pending analysis. The EPSS model estimates a 4.38% probability of exploitation in the next 30 days.

How do I fix CVE-2012-5134?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-5134?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST