6932 matches found
libxml2: Use-after-free of ID and IDREF attributes
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue...
libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability...
libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application...
libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability...
SUSE-SU-2022:0802-2 Security update for python-libxml2-python
This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490)...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. The vulnerability exists due to an infinite recursion in parameter entities in parser.c which allows an attacker to cause a denial of service...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. The vulnerability exists due to an integer overflow in xmlmemory.c...
CVE-2022-23308 affecting package libxml2 for versions less than 2.9.13-1
CVE-2022-23308 affecting package libxml2 for versions less than 2.9.13-1. An upgraded version of the package is available that resolves this issue...
Debian DLA-2972-1 : libxml2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2972 advisory. Five security issues have been discovered in libxml2: XML C parser and toolkit. CVE-2016-9318: Vulnerable versions do not offer a flag directly indicating that the...
Debian: Security Advisory (DLA-2972-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2972-1] libxml2 security update
Debian LTS Advisory DLA-2972-1, https://www.debian.org/lts/security/, Anton Gladky, April 08, 2022, https://wiki.debian.org/LTS...
DLA-2972-1 libxml2 - security update
Bulletin has no description...
Security Bulletin: IBM QRadar Network Security is affected by an arbitrary code execution vulnerability (CVE-2016-4658)
Summary: IBM QRadar Network Security is affected by a vulnerability in the libxml2 library that may allow arbitrary code execution. IBM QRadar Network Security has addressed this issue with a firmware update. Vulnerability Details: CVEID: CVE-2016-4658. DESCRIPTION: The libxml2 library, as used in...
Important Photon OS Security Update - PHSA-2022-4.0-0167
Updates of 'haproxy', 'libxml2' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2022-0167
Updates of 'libxml2', 'haproxy' packages of Photon OS have been released...
A use-after-free vulnerability in the valid.c file of the libxml2 XML parsing library allows an attacker to execute arbitrary code.
The vulnerability in the valid.c file of the libxml2 XML parsing library is a use-after-free. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted XML file...