K15872: libxml2 vulnerability CVE-2014-3660

Security Advisory Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of...

K61570943: Multiple libXML2 vulnerabilities

Security Advisory Description CVE-2015-5312 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability...

K41103561: libxml2 vulnerability CVE-2016-4448

Security Advisory Description Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. CVE-2016-4448 Impact Allows an attacker unauthorized disclosure of information, unauthorized modification, and disruption ...

K04450715: libxml2 vulnerability CVE-2015-8806

Security Advisory Description dict.c in libxml2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via an unexpected character immediately after the " Identified Medium screen. To determine if your release is known to be vulnerable, the componen...

K23180157: libxml2 vulnerability CVE-2017-7376

Security Advisory Description Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. CVE-2017-7376 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Statu...

K49419538: libxml2 vulnerability CVE-2016-4658

Security Advisory Description xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denia...

K51182024: libxml2 2.7.8 vulnerability CVE-2010-4494

Security Advisory Description Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

K54225343: libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705

Security Advisory Description CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash via a crafted XML document...

K16712298: libxml2 vulnerability CVE-2016-1834

Security Advisory Description Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory...

K45439210: libxml2 vulnerability CVE-2015-8710

Security Advisory Description The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...

K14614344: libxml2 vulnerability CVE-2016-1840

Security Advisory Description Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of...

K62030064: libxml2 vulnerability CVE-2016-1833

Security Advisory Description The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

K05937379: libxml2 vulnerability CVE-2016-1837

Security Advisory Description Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause ...

K26422113: libxml2 vulnerability CVE-2016-1839

Security Advisory Description The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

K71926235: libxml2 vulnerability CVE-2016-1838

Security Advisory Description The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted...

K48220300: libxml2 vulnerability CVE-2016-1836

Security Advisory Description Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML...

K76678525: libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567

Security Advisory Description CVE-2015-8035 The xzdecomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service process hang via crafted XML data. CVE-2016-5131 Use-after-free vulnerability in libxml2...

K15864: libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416

Security Advisory Description CVE-2009-2414 Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a...

SUSE CVE-2003-1564

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...

SUSE CVE-2004-0110

Buffer overflow in the 1 nanohttp or 2 nanoftp modules in XMLSoft Libxml 2 Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL...