Xmlsoft

Libxml2

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 13.98%
  • Veröffentlicht 09.06.2016 16:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Exploit
  • EPSS 3.24%
  • Veröffentlicht 20.05.2016 10:59:54
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause...

Exploit
  • EPSS 7.35%
  • Veröffentlicht 20.05.2016 10:59:53
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craft...

Exploit
  • EPSS 6.94%
  • Veröffentlicht 20.05.2016 10:59:52
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-...

Exploit
  • EPSS 4.09%
  • Veröffentlicht 20.05.2016 10:59:51
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remot...

  • EPSS 3.93%
  • Veröffentlicht 20.05.2016 10:59:50
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via ...

Exploit
  • EPSS 4.62%
  • Veröffentlicht 20.05.2016 10:59:48
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of...

Exploit
  • EPSS 2.56%
  • Veröffentlicht 20.05.2016 10:59:47
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafte...

  • EPSS 5.1%
  • Veröffentlicht 17.05.2016 14:08:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and applic...

  • EPSS 7.03%
  • Veröffentlicht 17.05.2016 14:08:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...