Xmlsoft

Libxml2

97 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-3627

  • EPSS 0.29%
  • Published 17.05.2016 14:08:02
  • Last modified 12.04.2025 10:46:40

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...

7.5

CVE-2015-6838

  • EPSS 3.79%
  • Published 16.05.2016 10:59:21
  • Last modified 12.04.2025 10:46:40

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

7.5

CVE-2015-6837

  • EPSS 3.79%
  • Published 16.05.2016 10:59:20
  • Last modified 12.04.2025 10:46:40

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

7.5

CVE-2015-8806

  • EPSS 6.05%
  • Published 13.04.2016 17:59:07
  • Last modified 12.04.2025 10:46:40

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

9.8

CVE-2015-8710

  • EPSS 4.71%
  • Published 11.04.2016 21:59:15
  • Last modified 12.04.2025 10:46:40

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed H...

8.1

CVE-2016-1762

Exploit
  • EPSS 8.58%
  • Published 24.03.2016 01:59:30
  • Last modified 12.04.2025 10:46:40

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

6.5

CVE-2016-2073

  • EPSS 1.32%
  • Published 12.02.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

5

CVE-2015-8317

Exploit
  • EPSS 0.33%
  • Published 15.12.2015 21:59:09
  • Last modified 12.04.2025 10:46:40

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds ...

5.8

CVE-2015-8242

  • EPSS 1.66%
  • Published 15.12.2015 21:59:07
  • Last modified 12.04.2025 10:46:40

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati...

6.4

CVE-2015-8241

  • EPSS 1.75%
  • Published 15.12.2015 21:59:06
  • Last modified 12.04.2025 10:46:40

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat...