CVE-2013-0338
- EPSS 2.86%
- Veröffentlicht 25.04.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit...
CVE-2013-1969
- EPSS 3.82%
- Veröffentlicht 25.04.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2...
- EPSS 3.26%
- Veröffentlicht 21.12.2012 05:46:14
- Zuletzt bearbeitet 16.06.2026 23:38:21
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
CVE-2012-5134
- EPSS 4.38%
- Veröffentlicht 28.11.2012 01:55:01
- Zuletzt bearbeitet 16.06.2026 23:46:18
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute ar...
CVE-2012-2871
- EPSS 2.38%
- Veröffentlicht 31.08.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:42:15
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have un...
CVE-2011-1944
- EPSS 13.73%
- Veröffentlicht 02.09.2011 16:55:03
- Zuletzt bearbeitet 16.06.2026 23:30:26
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file tha...
CVE-2010-4494
- EPSS 7.53%
- Veröffentlicht 07.12.2010 21:00:09
- Zuletzt bearbeitet 16.06.2026 23:24:55
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath...
CVE-2010-4008
- EPSS 3.13%
- Veröffentlicht 17.11.2010 01:00:02
- Zuletzt bearbeitet 16.06.2026 23:23:58
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to ca...
CVE-2009-2414
- EPSS 3.12%
- Veröffentlicht 11.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:23
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related ...
CVE-2009-2416
- EPSS 1.79%
- Veröffentlicht 11.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:24
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute...