Xmlsoft

Libxml2

100 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-8317

Exploit
  • EPSS 0.33%
  • Veröffentlicht 15.12.2015 21:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds ...

5.8

CVE-2015-8242

  • EPSS 1.66%
  • Veröffentlicht 15.12.2015 21:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati...

6.4

CVE-2015-8241

  • EPSS 1.75%
  • Veröffentlicht 15.12.2015 21:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat...

5

CVE-2015-7500

  • EPSS 4.25%
  • Veröffentlicht 15.12.2015 21:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5

CVE-2015-7499

  • EPSS 2.95%
  • Veröffentlicht 15.12.2015 21:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5

CVE-2015-7498

  • EPSS 3.44%
  • Veröffentlicht 15.12.2015 21:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5

CVE-2015-7497

  • EPSS 3.44%
  • Veröffentlicht 15.12.2015 21:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

7.1

CVE-2015-5312

  • EPSS 1.99%
  • Veröffentlicht 15.12.2015 21:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...

2.6

CVE-2015-8035

Exploit
  • EPSS 1.05%
  • Veröffentlicht 18.11.2015 16:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

6.8

CVE-2015-7942

Exploit
  • EPSS 1.46%
  • Veröffentlicht 18.11.2015 16:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via...