200 matches found
libxml2: Use-After-Free in libxml2
A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...
libxml2: Use-After-Free in libxml2
A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
...
ALPINE-CVE-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
SUSE CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
...
REXML ReDoS vulnerability
...
REXML DoS vulnerability
...
PT-2024-41023 · Oracle · Java Xml
Name of the Vulnerable Software and Affected Versions: Java XML affected versions not specified Description: The issue is related to a security exception in the Java XML library. A crash occurs in the DOM2TO.parse function, which is part of the com.sun.org.apache.xalan.internal.xsltc.trax package...
Ubuntu: Security Advisory (USN-7001-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20241220-03
A vulnerability in the xmlparse.c file of the libexpat XML file parsing library is related to an integer overflow for nDefaultAtts on 32-bit platforms. Exploitation of the vulnerability could allow an an attacker to cause a denial of service...
CLSA-2024-1718029281 libxml2: Fix of CVE-2024-25062
CVE-2024-25062: Fix use-after-free issue in XML Reader interface...
RHEL 7 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Integer overflow in PyStringDecodeEscape results in heap-base buffer overflow CVE-2017-1000158 -...
NULL Pointer Dereference
VTK is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper return value validation, where the libxml2 API xmlDocGetRootElement function can return NULL, but the code in IO/Infovis/vtkXMLTreeReader.cxx dereferences it without a check, allowing an attacker to trigger a...
USN-6658-1: libxml2 vulnerability
It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code...
libxml2: Hashing of empty dict strings isn't deterministic
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...
libxml2: crafted xml can cause global buffer overflow
A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...
The vulnerability of the xmlsax2startelement() function in the libxml2 library, caused by buffer overflows, allows attackers to trigger a service failure.
The vulnerability of the xmlsax2startelement function in the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
libxml2: Hashing of empty dict strings isn't deterministic
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...
The vulnerability of the ezxml_decode function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.
The vulnerability of the ezxmldecode function in the ezXML XML syntax analysis library involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using a specially created XML file...