6942 matches found
CVE-2015-5312
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...
Heap overflow
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors...
CVE-2015-5312
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...
Code injection
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...
Heap overflow
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...
Heap overflow
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service heap-based buffer over-read and application crash or obtain sensitive information via crafted XML data...
CVE-2015-5312
Summary (CVE-2015-5312) A DoS via XML entity expansion was reported in libxml2 (xmlStringLenDecodeEntities in parser.c) affecting versions before 2.9.3. The issue allows a context-dependent attacker to trigger high CPU usage by processing crafted XML data, as described in the CVE entry and corrob...
CVE-2015-7498
CVE-2015-7498 is a heap-based buffer overflow in the xmlParseXmlDecl function of libxml2’s parser.c, affecting versions before 2.9.3. The underlying issue enables context-dependent attackers to trigger a denial of service via crafted XML data, related to an encoding conversion failure. Affected p...
CVE-2015-7497
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors...
CVE-2015-8241
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service heap-based buffer over-read and application crash or obtain sensitive information via crafted XML data...
CVE-2015-5312
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...
CVE-2015-7498
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure...
CVE-2015-8317
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an 1 unterminated encoding value or 2 incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...
CVE-2015-7497
CVE-2015-7497 affects libxml2 prior to 2.9.3, due to a heap-based buffer overflow in dict.c (xmlDictComputeFastQKey). Exploitation leads to a denial of service via crafted XML data. The vulnerability is part of multiple libxml2 issues disclosed in 2015; affected products are libraries linked agai...
CVE-2015-8242
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service stack-based buffer over-read and application crash or obtain sensitive information via crafted XML data...
CVE-2015-7499
CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...
CVE-2015-8242
CVE-2015-8242 affects libxml2 prior to 2.9.3. The xmlSAX2TextNode function in SAX2.c within the push interface of the HTML parser can cause a stack-based buffer over-read when processing crafted XML data, leading to a denial of service (application crash) and potential exposure of sensitive infor...
CVE-2015-7499
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...
CVE-2015-8241
CVE-2015-8241 affects libxml2 (notably the xmlNextChar path) where improper state checking can lead to a heap-based buffer over-read, DoS, and potential information disclosure. Public docs place the vulnerable component in libxml2 2.9.2; exploitation requires crafted XML data. Several connected a...
CVE-2015-8317
CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...