- EPSS 8.53%
- Veröffentlicht 03.10.2008 17:41:40
- Zuletzt bearbeitet 16.06.2026 22:57:45
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a c...
- EPSS 23.37%
- Veröffentlicht 12.09.2008 16:56:20
- Zuletzt bearbeitet 16.06.2026 22:55:59
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2008-3281
- EPSS 2.51%
- Veröffentlicht 27.08.2008 20:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:31
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
- EPSS 21.69%
- Veröffentlicht 01.03.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:48
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy...
CVE-2004-0110
- EPSS 24.23%
- Veröffentlicht 15.03.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:57
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
CVE-2003-1564
- EPSS 1.62%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:39
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nes...