44 matches found
PT-2024-40830 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...
libxml2: use-after-free in XMLReader
A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
UBUNTU-CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
SUSE CVE-2008-4225
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service infinite loop via a large XML document...
PYSEC-2022-255
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may...
VTK 代码问题漏洞
VTK is an open source software system for image processing, 3D graphics, body drawing and visualization. VTK suffers from a code issue vulnerability that stems from its IO/Infovis/vtkXMLTreeReader.cxx component not checking the return value of the libxml2 API "xmlDocGetRootElement" and attempting...
[SECURITY] Fedora 34 Update: libxml2-2.9.14-1.fc34
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
How to disable XXE processing?
In my last post I talked about XXE vulnerabilities found on popular open-source projects and more generally how to assess this type of issue. Today, I’ll talk about the different strategies to disable XXE processing. External XXE and internal entities are useful for building concise XML documents...
The vulnerability of the htmlParseTryOrFinish function in the HTMLparser.c component of the Libxml2 library arises from reading data beyond the allowed buffer limits. This allows an attacker to access confidential data and also cause a service failure.
The vulnerability of the htmlParseTryOrFinish function in the HTMLparser.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...
The vulnerability of the LIBXML_ATTR_FORMAT function in the libxml2 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the LIBXMLATTRFORMAT function in the libxml2 library HTML parser.c is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
USN-3494-1 libxml-libxml-perl vulnerability
It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code...
ALPINE-CVE-2017-16932
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities...
Multiple Apple Products libxml2 Memory Corruption Denial of Service Vulnerability (CNVD-2016-05742)
Apple iOS is an operating system for mobile devices; OS X is a specialized operating system for Mac computers; tvOS is an operating system for smart TVs; and watchOS is an operating system for smart watches. libxslt is an XSLTC library developed for the GNOME project. A security vulnerability in...
The vulnerability of the libxml2 library, which allows a perpetrator to obtain confidential information
The vulnerability of the xmlParseXMLDecl function in the parser.c file of the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain confidential information due to incomplete declaration of XML data...
The vulnerability of the libxml2 library, which allows a hacker to cause a service failure or obtain confidential information
The vulnerability of the xmlNextChar function in the libxml2 library arises due to buffer overflows. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure application termination or obtain confidential information through specially crafted XML data...
The vulnerability of the libxml2 library and the PHP interpreter allows attackers to trigger a service failure.
The vulnerability of the xslextfunctionphp function ext/xsl/xsltprocessor.c in the libxml2 library and the PHP interpreter is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure dereferencing the null pointer...
UBUNTU-CVE-2016-1834
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML...
The vulnerability of the libxml2 library, which allows a hacker to trigger a service failure
The vulnerability of the htmlParseNameComplex function in the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker to trigger a service failure memory overflow through the use of a specially crafted XML document...
libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...
libxml2: heap-based buffer overflow in xmlParseConditionalSections()
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service...