Xmlsoft

Libxml2

97 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-7500

  • EPSS 4.25%
  • Published 15.12.2015 21:59:05
  • Last modified 12.04.2025 10:46:40

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5

CVE-2015-7499

  • EPSS 2.95%
  • Published 15.12.2015 21:59:03
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5

CVE-2015-7498

  • EPSS 3.44%
  • Published 15.12.2015 21:59:02
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5

CVE-2015-7497

  • EPSS 3.44%
  • Published 15.12.2015 21:59:01
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

7.1

CVE-2015-5312

  • EPSS 1.99%
  • Published 15.12.2015 21:59:00
  • Last modified 12.04.2025 10:46:40

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...

2.6

CVE-2015-8035

Exploit
  • EPSS 1.05%
  • Published 18.11.2015 16:59:09
  • Last modified 12.04.2025 10:46:40

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

6.8

CVE-2015-7942

Exploit
  • EPSS 1.46%
  • Published 18.11.2015 16:59:06
  • Last modified 12.04.2025 10:46:40

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via...

4.3

CVE-2015-7941

  • EPSS 1.25%
  • Published 18.11.2015 16:59:04
  • Last modified 12.04.2025 10:46:40

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect...

5

CVE-2014-3660

  • EPSS 5.38%
  • Published 04.11.2014 16:55:06
  • Last modified 12.04.2025 10:46:40

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing...

6.8

CVE-2013-0339

Exploit
  • EPSS 2.39%
  • Published 21.01.2014 18:55:09
  • Last modified 11.04.2025 00:51:21

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource cons...