CVE-2017-9049
- EPSS 4.63%
- Veröffentlicht 18.05.2017 06:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an in...
CVE-2017-9050
- EPSS 4.63%
- Veröffentlicht 18.05.2017 06:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incompl...
CVE-2017-8872
- EPSS 2.31%
- Veröffentlicht 10.05.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
CVE-2016-4483
- EPSS 6.17%
- Veröffentlicht 11.04.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulne...
CVE-2017-5969
- EPSS 2.63%
- Veröffentlicht 11.04.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should...
CVE-2016-9318
- EPSS 2.94%
- Veröffentlicht 16.11.2016 00:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to condu...
- EPSS 8.63%
- Veröffentlicht 25.09.2016 10:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co...
CVE-2016-5131
- EPSS 2.27%
- Veröffentlicht 23.07.2016 19:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2016-4449
- EPSS 1.66%
- Veröffentlicht 09.06.2016 16:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con...
- EPSS 7.04%
- Veröffentlicht 09.06.2016 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.