Xmlsoft

Libxml2

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 6.46%
  • Veröffentlicht 15.12.2015 21:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

  • EPSS 7.02%
  • Veröffentlicht 15.12.2015 21:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

  • EPSS 7.21%
  • Veröffentlicht 15.12.2015 21:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

  • EPSS 4.54%
  • Veröffentlicht 15.12.2015 21:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...

Exploit
  • EPSS 3.2%
  • Veröffentlicht 18.11.2015 16:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

Exploit
  • EPSS 4.74%
  • Veröffentlicht 18.11.2015 16:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via...

  • EPSS 3.07%
  • Veröffentlicht 18.11.2015 16:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect...

  • EPSS 3.99%
  • Veröffentlicht 04.11.2014 16:55:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing...

Exploit
  • EPSS 3.61%
  • Veröffentlicht 21.01.2014 18:55:09
  • Zuletzt bearbeitet 29.04.2026 01:13:23

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource cons...

  • EPSS 4.73%
  • Veröffentlicht 10.07.2013 10:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for ...