Design/Logic Flaw
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
CVE-2015-7941
CVE-2015-7941 affects libxml2 2.9.2, where parsing does not stop on invalid input, enabling a context-dependent attacker to trigger an out-of-bounds read and crash via crafted XML data in xmlParseEntityDecl or xmlParseConditionalSections. Connected docs confirm corroborating DoS/out-of-bounds rep...
CVE-2015-7942
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than...
CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...
CVE-2015-7942
CVE-2015-7942 affects libxml2 and describes a denial-of-service/crash caused by a heap-based buffer issue in the xmlParseConditionalSections function when parsing crafted XML data, leading to an out-of-bounds read. The initial document provides concrete details: vulnerable component is libxml2 (...
CVE-2015-8035
Summary (CVE-2015-8035): In libxml2, the xz_decomp function in xzlib.c does not properly detect compression errors, enabling a denial-of-service condition (process hang) via crafted XML data. Affected: libxml2 up to 2.9.1 (and related 2.9.x lines in later advisories) with potential impact across...
CVE-2015-8241
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...
CVE-2015-8242
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...
PT-2015-3257
Name of the Vulnerable Software and Affected Versions: libxml2 version 2.9.2. Description: The issue is caused by the xmlNextChar function in libxml2 not properly checking the state, allowing context-dependent attackers to cause a denial of service or obtain sensitive information via crafted XML dat...
UBUNTU-CVE-2015-8241
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...
UBUNTU-CVE-2015-8242
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...
Ubuntu: Security Advisory (USN-2812-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : libxml2 vulnerabilities (USN-2812-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2812-1 advisory. Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted...
USN-2812-1 libxml2 vulnerabilities
Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS,...
Mageia: Security Advisory (MGASA-2015-0423)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2015-0433)
The remote host is missing an update for the...
Libxml2 'parser.c' Remote Denial of Service Vulnerability
Libxml2 is a C-language library used to parse XML documents, which supports a variety of encoding formats, XPath parsing, and well-formedness and validity checking. A security vulnerability exists in Libxml2 'parser.c' that allows remote attackers to submit special requests and conduct...