VDB
GCVE-110-MAGEIA-2014-154
GCVE-110-MAGEIA-2014-154
Advisory Published
Updated perl-YAML-LibYAML packages fix security vulnerabilities:
Florian Weimer of the Red Hat Product Security Team discovered a heap-based
buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library.
A remote attacker could provide a YAML document with a specially-crafted tag
that, when parsed by an application using libyaml, would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application (CVE-2013-6393).
Ivan Fratric of the Google Security Team discovered a heap-based buffer
overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter
library. A remote attacker could provide a specially-crafted YAML document
that, when parsed by an application using libyaml, would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application (CVE-2014-2525).
The perl-YAML-LibYAML package is being updated as it contains an embedded copy
of LibYAML.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | perl-YAML-LibYAML | 0 (affected), 0.380.0-3.2.mga3 (unaffected), 0 (affected), 0.380.0-3.2.mga3 (unaffected) | — |
| Mageia | python-setuptools | 0 (affected), 1.3-1.1.mga4 (unaffected) | — |
| Mageia | python-xattr | 0 (affected), 0.7.2-3.2.mga4 (unaffected) | — |
| Mageia | perl-YAML-LibYAML | 0 (affected), 0.410.0-2.2.mga4 (unaffected), 0 (affected), 0.410.0-2.2.mga4 (unaffected) | — |
References
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.