4 matches found
Amazon Linux 2 : libxml2 (ALAS-2025-2893)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2893 advisory. A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based...
PT-2025-7047
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.12.10 and earlier, 2.13.x versions prior to 2.13.6 Description The issue is a stack-based buffer overflow in the xmlSnprintfElements function in valid.c. To exploit this, DTD validation must occur for an untrusted document o...
CVE-2013-1969
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to the 1 htmlParseChunk and 2 xmldecldone functions, as demonstrated by a buffer...
CVE-2011-1944
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when addi...