- EPSS 6.46%
- Veröffentlicht 15.12.2015 21:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
- EPSS 7.02%
- Veröffentlicht 15.12.2015 21:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
- EPSS 7.21%
- Veröffentlicht 15.12.2015 21:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-5312
- EPSS 4.54%
- Veröffentlicht 15.12.2015 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...
CVE-2015-8035
- EPSS 3.2%
- Veröffentlicht 18.11.2015 16:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2015-7942
- EPSS 4.74%
- Veröffentlicht 18.11.2015 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via...
CVE-2015-7941
- EPSS 3.07%
- Veröffentlicht 18.11.2015 16:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect...
- EPSS 3.99%
- Veröffentlicht 04.11.2014 16:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing...
CVE-2013-0339
- EPSS 3.61%
- Veröffentlicht 21.01.2014 18:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource cons...
- EPSS 4.73%
- Veröffentlicht 10.07.2013 10:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for ...