CVE-2021-3537
- EPSS 3.5%
- Veröffentlicht 14.05.2021 20:15:16
- Zuletzt bearbeitet 21.11.2024 06:21:47
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...
CVE-2020-24977
- EPSS 3.67%
- Veröffentlicht 04.09.2020 00:15:10
- Zuletzt bearbeitet 21.11.2024 05:16:15
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2019-20388
- EPSS 4.39%
- Veröffentlicht 21.01.2020 23:15:13
- Zuletzt bearbeitet 17.12.2025 22:15:55
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2020-7595
- EPSS 7.84%
- Veröffentlicht 21.01.2020 23:15:13
- Zuletzt bearbeitet 03.12.2025 16:15:54
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-19956
- EPSS 5.52%
- Veröffentlicht 24.12.2019 16:15:11
- Zuletzt bearbeitet 03.12.2025 19:15:50
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2017-15412
- EPSS 2.96%
- Veröffentlicht 28.08.2018 19:29:05
- Zuletzt bearbeitet 21.11.2024 03:14:39
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-14567
- EPSS 4.3%
- Veröffentlicht 16.08.2018 20:29:02
- Zuletzt bearbeitet 21.11.2024 03:49:19
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201...
CVE-2016-9596
- EPSS 1.08%
- Veröffentlicht 16.08.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:01:28
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix fo...
CVE-2016-9598
- EPSS 1.24%
- Veröffentlicht 16.08.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:01:29
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2...
CVE-2016-9597
- EPSS 4.48%
- Veröffentlicht 30.07.2018 14:29:02
- Zuletzt bearbeitet 21.11.2024 03:01:28
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression C...