CVE-2016-4447
- EPSS 13.98%
- Veröffentlicht 09.06.2016 16:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840
- EPSS 3.24%
- Veröffentlicht 20.05.2016 10:59:54
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause...
CVE-2016-1839
- EPSS 7.35%
- Veröffentlicht 20.05.2016 10:59:53
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craft...
CVE-2016-1838
- EPSS 6.94%
- Veröffentlicht 20.05.2016 10:59:52
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-...
CVE-2016-1837
- EPSS 4.09%
- Veröffentlicht 20.05.2016 10:59:51
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remot...
CVE-2016-1836
- EPSS 3.93%
- Veröffentlicht 20.05.2016 10:59:50
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via ...
CVE-2016-1834
- EPSS 4.62%
- Veröffentlicht 20.05.2016 10:59:48
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2016-1833
- EPSS 2.56%
- Veröffentlicht 20.05.2016 10:59:47
- Zuletzt bearbeitet 06.05.2026 22:30:45
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafte...
CVE-2016-3705
- EPSS 5.1%
- Veröffentlicht 17.05.2016 14:08:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and applic...
CVE-2016-3627
- EPSS 7.03%
- Veröffentlicht 17.05.2016 14:08:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...