CVE-2013-2877

Name: CVE-2013-2877
Creator: NVD / NIST
Published: 2013-07-10T10:55:02.26+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.73%

Last modified Jun 16, 2026

CVE-2013-2877 is a vulnerability of currently unknown severity. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.. EPSS estimates a 4.73% chance of exploitation in the next 30 days.

Description

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Metrics

EPSS Probability

4.73%

90.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Google	Chrome	<= 28.0.1500.70	—
Google	Chrome	28.0.1500.0	—
Google	Chrome	28.0.1500.2	—
Google	Chrome	28.0.1500.3	—
Google	Chrome	28.0.1500.4	—
Google	Chrome	28.0.1500.5	—
Google	Chrome	28.0.1500.6	—
Google	Chrome	28.0.1500.8	—
Google	Chrome	28.0.1500.9	—
Google	Chrome	28.0.1500.10	—
Google	Chrome	28.0.1500.11	—
Google	Chrome	28.0.1500.12	—
Google	Chrome	28.0.1500.13	—
Google	Chrome	28.0.1500.14	—
Google	Chrome	28.0.1500.15	—
Google	Chrome	28.0.1500.16	—
Google	Chrome	28.0.1500.17	—
Google	Chrome	28.0.1500.18	—
Google	Chrome	28.0.1500.19	—
Google	Chrome	28.0.1500.20	—
Google	Chrome	28.0.1500.21	—
Google	Chrome	28.0.1500.22	—
Google	Chrome	28.0.1500.23	—
Google	Chrome	28.0.1500.24	—
Google	Chrome	28.0.1500.25	—
Google	Chrome	28.0.1500.26	—
Google	Chrome	28.0.1500.27	—
Google	Chrome	28.0.1500.28	—
Google	Chrome	28.0.1500.29	—
Google	Chrome	28.0.1500.31	—
Google	Chrome	28.0.1500.32	—
Google	Chrome	28.0.1500.33	—
Google	Chrome	28.0.1500.34	—
Google	Chrome	28.0.1500.35	—
Google	Chrome	28.0.1500.36	—
Google	Chrome	28.0.1500.37	—
Google	Chrome	28.0.1500.38	—
Google	Chrome	28.0.1500.39	—
Google	Chrome	28.0.1500.40	—
Google	Chrome	28.0.1500.41	—
Google	Chrome	28.0.1500.42	—
Google	Chrome	28.0.1500.43	—
Google	Chrome	28.0.1500.44	—
Google	Chrome	28.0.1500.45	—
Google	Chrome	28.0.1500.46	—
Google	Chrome	28.0.1500.47	—
Google	Chrome	28.0.1500.48	—
Google	Chrome	28.0.1500.49	—
Google	Chrome	28.0.1500.50	—
Google	Chrome	28.0.1500.51	—

Showing 50 of 188 affected configurations. See NVD for the full list.

References

Timeline

Published: Jul 10, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-2877?

How severe is CVE-2013-2877?

Severity scoring for CVE-2013-2877 is pending analysis. The EPSS model estimates a 4.73% probability of exploitation in the next 30 days.

How do I fix CVE-2013-2877?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2877?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST