Xmlsoft

Libxml2

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.63%
  • Veröffentlicht 18.05.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an in...

Exploit
  • EPSS 4.63%
  • Veröffentlicht 18.05.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incompl...

  • EPSS 2.31%
  • Veröffentlicht 10.05.2017 05:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

Exploit
  • EPSS 6.17%
  • Veröffentlicht 11.04.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulne...

  • EPSS 2.63%
  • Veröffentlicht 11.04.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should...

Exploit
  • EPSS 2.94%
  • Veröffentlicht 16.11.2016 00:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to condu...

  • EPSS 8.63%
  • Veröffentlicht 25.09.2016 10:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co...

  • EPSS 2.27%
  • Veröffentlicht 23.07.2016 19:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

  • EPSS 1.66%
  • Veröffentlicht 09.06.2016 16:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con...

  • EPSS 7.04%
  • Veröffentlicht 09.06.2016 16:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.