
213 matches found

Tenable Nessus
added 2016/12/20 12:0 a.m. | 54 views

F5 Networks BIG-IP : libxml2 vulnerabilities (K24322529)

CVE-2016-4447 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. CVE-2016-4449 XML external entity (XXE) vulnerability in t...

CVSS 7.5 | AI score 8.1 | EPSS 0.02658
Exploits 1 | References 3
BDU FSTEC
added 2016/07/19 12:0 a.m. | 1 views

The vulnerability of the libxml2 library, which allows a hacker to trigger a service failure

The vulnerability of the xmlParseMisc function in the parser.c file of the libxml2 library arises due to buffer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure by manipulating the boundaries of entities and start tags...

CVSS 5 | AI score 7.9 | EPSS 0.01397
Exploits 0 | References 10 | Affected Software 2
BDU FSTEC
added 2016/07/19 12:0 a.m. | 2 views

The vulnerability of the libxml2 library allows attackers to gain access to protected information from the process’s memory.

The vulnerability of the xmlGROW function in the parser.c file of the libxml2 library is caused by an overflow in the buffer in the dynamic memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information stored in the process’s memo...

CVSS 5 | AI score 7.7 | EPSS 0.00714
Exploits 0 | References 11 | Affected Software 2
BDU FSTEC
added 2016/07/19 12:0 a.m. | 2 views

The vulnerability of the libxml2 library, which allows a hacker to trigger a service failure

The vulnerability of the xmlParseXmlDecl function in the parser.c file of the libxml2 library arises due to an overflow of memory buffer in dynamic memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure by triggering errors after a coding process interrupti...

CVSS 5 | AI score 7.7 | EPSS 0.01161
Exploits 0 | References 10 | Affected Software 2
RedhatCVE
added 2016/07/18 2:19 p.m. | 33 views

CVE-2016-4449

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors...

CVSS 7.1 | AI score 7 | EPSS 0.00124
Exploits 0 | References 1
RedHat Linux
added 2016/06/23 10:32 a.m. | 5 views

libxml2: Heap-based buffer underreads due to xmlParseName

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName...

CVSS 7.5 | AI score 7.3 | EPSS 0.02658
Exploits 1 | References 4
NVD
added 2016/06/09 4:59 p.m. | 19 views

CVE-2016-4449

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors...

CVSS 7.1 | AI score 8.1 | EPSS 0.00124
Exploits 0 | References 30
NVD
added 2016/06/09 4:59 p.m. | 16 views

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName...

CVSS 7.5 | AI score 8.1 | EPSS 0.02658
Exploits 1 | References 27
Prion
added 2016/06/09 4:59 p.m. | 49 views

Heap overflow

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName...

CVSS 5 | AI score 6.8 | EPSS 0.02658
Exploits 1 | References 27 | Affected Software 11
Debian CVE
added 2016/06/09 4:0 p.m. | 35 views

CVE-2016-4449

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors...

CVSS 7.1 | AI score 8.2 | EPSS 0.00124
Exploits 0
CVE
added 2016/06/09 4:0 p.m. | 146 views

CVE-2016-4449

CVE-2016-4449 is an XML External Entity (XXE) vulnerability in libxml2’s parser.c (xmlStringLenDecodeEntities) affecting libxml2 up to version 2.9.4. ALT Linux advisory entries show a confirmed fix in libxml2 version 2.9.4.0.12.e905-alt1 (and related package updates), indicating that patches were...

CVSS 7.1 | AI score 8.2 | EPSS 0.00124
Exploits 0 | References 30 | Affected Software 1
Prion
added 2016/05/17 2:8 p.m. | 34 views

Design/Logic Flaw

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...

CVSS 5 | AI score 7.1 | EPSS 0.00881
Exploits 0 | References 16 | Affected Software 6
CVE
added 2016/05/17 2:0 p.m. | 149 views

CVE-2016-3705

CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...

CVSS 7.5 | AI score 7.6 | EPSS 0.00881
Exploits 0 | References 16 | Affected Software 1
Tenable Nessus
added 2016/02/23 12:0 a.m. | 45 views

AIX 7.1 TL 3 : libxml2 (IV80586)

The remote AIX host has a version of libxml2 installed that is affected by the following vulnerabilities : - A heap-based buffer overflow condition exists in the xmlParseEntityDecl and xmlParseConditionalSections functions within file parser.c due to a failure to properly stop parsing invalid...

CVSS 6.8 | AI score 7.4 | EPSS 0.01012
Exploits 1 | References 4
Tenable Nessus
added 2016/02/23 12:0 a.m. | 44 views

AIX 5.3 TL 12 : libxml2 (IV80617)

The remote AIX host has a version of libxml2 installed that is affected by the following vulnerabilities : - A heap-based buffer overflow condition exists in the xmlParseEntityDecl and xmlParseConditionalSections functions within file parser.c due to a failure to properly stop parsing invalid...

CVSS 6.8 | AI score 7.4 | EPSS 0.01012
Exploits 1 | References 4
NVD
added 2015/12/15 9:59 p.m. | 14 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags...

CVSS 5 | AI score 7 | EPSS 0.01397
Exploits 0 | References 25
OSV
added 2015/12/15 9:59 p.m. | 1 views

DEBIAN-CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...

CVSS 5 | AI score 9.4 | EPSS 0.00714
Exploits 0 | References 1
Prion
added 2015/12/15 9:59 p.m. | 36 views

Code injection

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

CVSS 7.1 | AI score 6.6 | EPSS 0.03894
Exploits 1 | References 25 | Affected Software 13
Prion
added 2015/12/15 9:59 p.m. | 12 views

Out-of-bounds

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags...

CVSS 5 | AI score 6.8 | EPSS 0.01397
Exploits 0 | References 25 | Affected Software 13
NVD
added 2015/12/15 9:59 p.m. | 22 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

CVSS 7.1 | AI score 7.1 | EPSS 0.01078
Exploits 1 | References 25