Filtered by vendor Xmlsoft
Subscriptions
Filtered by product Libxml2
Subscriptions
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1969 | 1 Xmlsoft | 1 Libxml2 | 2025-04-11 | N/A |
| Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. | ||||
| CVE-2012-5134 | 4 Apple, Google, Redhat and 1 more | 4 Iphone Os, Chrome, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||||
| CVE-2008-3529 | 5 Apple, Canonical, Debian and 2 more | 7 Iphone Os, Mac Os X, Safari and 4 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||||
| CVE-2008-4409 | 1 Xmlsoft | 1 Libxml2 | 2025-04-09 | N/A |
| libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. | ||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 12 Iphone Os, Safari, Ubuntu Linux and 9 more | 2025-04-09 | 6.5 Medium |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-04-09 | 6.5 Medium |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2009-2414 | 2 Redhat, Xmlsoft | 3 Enterprise Linux, Libxml, Libxml2 | 2025-04-09 | N/A |
| Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2023-29469 | 3 Debian, Redhat, Xmlsoft | 5 Debian Linux, Enterprise Linux, Jboss Core Services and 2 more | 2025-02-04 | 6.5 Medium |
| An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | ||||
| CVE-2022-29824 | 6 Debian, Fedoraproject, Netapp and 3 more | 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more | 2024-11-21 | 6.5 Medium |
| In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | ||||
| CVE-2021-3541 | 4 Netapp, Oracle, Redhat and 1 more | 29 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 26 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | ||||
| CVE-2021-3537 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Active Iq Unified Manager and 18 more | 2024-11-21 | 5.9 Medium |
| A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3518 | 6 Debian, Fedoraproject, Netapp and 3 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2024-11-21 | 8.8 High |
| There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | ||||
| CVE-2020-24977 | 7 Debian, Fedoraproject, Netapp and 4 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2024-11-21 | 6.5 Medium |
| GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | ||||
| CVE-2018-9251 | 3 Debian, Redhat, Xmlsoft | 3 Debian Linux, Enterprise Linux, Libxml2 | 2024-11-21 | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. | ||||
| CVE-2018-14567 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Ansible Tower and 2 more | 2024-11-21 | N/A |
| libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | ||||
| CVE-2017-7376 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2024-11-21 | N/A |
| Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. | ||||
| CVE-2017-18258 | 2 Redhat, Xmlsoft | 4 Ansible Tower, Enterprise Linux, Jboss Core Services and 1 more | 2024-11-21 | N/A |
| The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. | ||||
| CVE-2017-15412 | 4 Debian, Google, Redhat and 1 more | 10 Debian Linux, Chrome, Ansible Tower and 7 more | 2024-11-21 | N/A |
| Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2016-9598 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2024-11-21 | 6.5 Medium |
| libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | ||||
| CVE-2016-9597 | 6 Canonical, Debian, Hp and 3 more | 7 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 4 more | 2024-11-21 | N/A |
| It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. | ||||