6931 matches found
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...
CVE-2009-2416
CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....
CVE-2009-2414
CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...
CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...
CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
USN-815-1: libxml2 vulnerabilities
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. CVE-2009-2414 ...
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1859-1 [email protected] http://www.debian.org/security/ Nico Golde August 10th, 2009 http://www.debian.org/security/faq -...
CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...
CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206)
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A...
RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A...
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues
-------------------------------------------------------------------------- Debian Security Advisory DSA-1859-1 [email protected] http://www.debian.org/security/ Nico Golde August 10th, 2009 http://www.debian.org/security/faq -...
mingw32-libxml2: Stack overflow by parsing root XML element DTD definition
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...
Moderate: Red Hat Security Advisory: libxml and libxml2 security update
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A...
PT-2009-1015 · Xml +2 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32 libxml version 1.8.17 libxml2 versions prior to 2.7.3 Description: The issue is related to a stack consumption vulnerability in libxml2, allowing context-dependent attackers to cause...
libxml and libxml2 security update
libxml: 1:1.8.17-9.3 - fix a couple of crash - Resolves: rhbg515226 libxml2: 2.6.26-2.1.2.8.0.1 - Add libxml2-enterprise.patch and update logos in tarball 2.6.26-2.1.2.8 - Fix a couple of crash CVE-2009-2414 and CVE-2009-2416 - Resolves: rhbz515236...
PT-2009-1016 · Xmlsoft +2 · Libxml +3
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.5.10 through 2.6.32 libxml version 1.8.17 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, via crafted Notation or Enumeration attribute types in an...