Astra Linux - уязвимость в libxml2

The vulnerability of the xmlParseAttValueComplex function in the parser.c component of the Libxml2 library is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...

MiracleLinux 4 : libxml2-2.7.6-8.4.0.1.AXS4 (AXSA:2013-01:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-01:01 advisory. This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and...

MiracleLinux 3 : libxml2-2.6.26-2.1.2.6.1AXS3 (AXSA:2008-277:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-277:03 advisory. The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any...

SUSE CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a long XML entity name...

Denial Of Service (DoS)

libxml2.so is vulnerable to denial of service. An attacker can crash the application or execute arbitrary code through the xmlParseAttValueComplex function in parser.c by providing long XML entity name...

libxml2: Use-of-uninitialized-value in xmlCurrentChar

Project: https://gitlab.gnome.org/GNOME/libxml2.git Detailed report: https://oss-fuzz.com/testcase?key=6685532522283008 Project: libxml2 Fuzzer: libFuzzerlibxml2xmlreadmemoryfuzzer Fuzz target binary: libxml2xmlreadmemoryfuzzer Job Type: libfuzzermsanlibxml2 Platform Id: linux Crash Type:...

Design/Logic Flaw

The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service stack consumption and application crash via a crafted XML document containing a...

CVE-2016-3705

CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...

CVE-2016-3705

The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service stack consumption and application crash via a crafted XML document containing a...

CVE-2016-3705

Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck and xmlParseAttValueComplex functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack...

libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML...

libxml2 buffer overflow

Heap buffer overflow in xmlParseAttValueComplex...

libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML...

DEBIAN-CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML...

Heap overflow

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML...

CVE-2012-5134

CVE-2012-5134 is a heap-based buffer underflow in libxml2’s xmlParseAttValueComplex (parser.c) present in libxml2 2.9.0 and earlier, used by Google Chrome up to 23.0.1271.91 and other products. The flaw allows a remote attacker to cause a crash or possibly execute arbitrary code via crafted XML e...

DEBIAN-CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a long XML entity name...

CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a long XML entity name...

libxml2: long entity name heap buffer overflow

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a long XML entity name...

PT-2008-1063 · Xmlsoft +1 · Libxml2 +1

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.7.0 libxml2 versions prior to 2.7.2 Description: The issue is related to a heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2, which allows context-dependent attackers to caus...