Xmlsoft

Libxml2

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2017-5130

  • EPSS 1.17%
  • Veröffentlicht 07.02.2018 23:29:01
  • Zuletzt bearbeitet 03.12.2025 22:15:48

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

9.8

CVE-2017-16931

  • EPSS 1.47%
  • Veröffentlicht 23.11.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

7.5

CVE-2017-16932

  • EPSS 21.99%
  • Veröffentlicht 23.11.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

7.5

CVE-2017-9047

Exploit
  • EPSS 2.66%
  • Veröffentlicht 18.05.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is ass...

7.5

CVE-2017-9048

Exploit
  • EPSS 0.6%
  • Veröffentlicht 18.05.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end o...

7.5

CVE-2017-9049

Exploit
  • EPSS 0.46%
  • Veröffentlicht 18.05.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an in...

7.5

CVE-2017-9050

Exploit
  • EPSS 0.31%
  • Veröffentlicht 18.05.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incompl...

9.1

CVE-2017-8872

  • EPSS 0.23%
  • Veröffentlicht 10.05.2017 05:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

7.5

CVE-2016-4483

Exploit
  • EPSS 1.27%
  • Veröffentlicht 11.04.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulne...

4.7

CVE-2017-5969

  • EPSS 3.51%
  • Veröffentlicht 11.04.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should...