Libxml Security Vulnerabilities and Issues — Libxml CVE List

XmlsoftLibxml

8 matches found

CVE•added 2015/08/14 6:0 p.m.•231 views

CVE-2015-1819

The CVE-2015-1819 entry is supported by connected data showing a deterministic DoS in libxml2 via XML Entity Expansion (XEE) during XML parsing, causing memory exhaustion. Amazon Linux 2 advisory ALAS2-2019-1220 explicitly groups CVE-2015-1819 with several libxml2 DoS/memory-related CVEs and inst...

5CVSS6.5AI score0.02045EPSS

CVE•added 2011/09/02 4:0 p.m.•150 views

CVE-2011-1944

CVE-2011-1944 affects libxml2 and related libraries where an integer overflow in xpath.c can cause a heap-based buffer overflow when adding a new namespace node, enabling context-dependent attackers to trigger denial of service (crash) and potentially execute arbitrary code via a crafted XML file...

9.3CVSS8.4AI score0.23686EPSS

CVE•added 2009/08/11 6:0 p.m.•128 views

CVE-2009-2414

CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...

4.3CVSS6.2AI score0.01289EPSS

CVE•added 2009/08/11 6:0 p.m.•127 views

CVE-2009-2416

CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....

6.5CVSS6.7AI score0.01289EPSS

CVE•added 2008/11/25 11:0 p.m.•96 views

CVE-2008-4225

The CVE-2008-4225 issue affects libxml2 up to version 2.7.2, caused by an integer overflow in xmlBufferResize that can induce a denial-of-service (infinite loop) when processing a large XML document. Connected documents confirm the vulnerability and indicate fixes have been released in subsequent...

7.8CVSS6.6AI score0.04915EPSS

CVE•added 2008/11/25 11:0 p.m.•78 views

CVE-2008-4226

The CVE-2008-4226 flaw is an integer overflow in libxml2 (xmlSAX2Characters) in version 2.7.2 that can cause memory corruption, denial of service, or possibly remote code execution when processing large XML documents. Multiple distributions and advisories show patched/libxml2 updates (e.g., libxm...

10CVSS7.5AI score0.07959EPSS

CVE•added 2004/10/28 4:0 a.m.•68 views

CVE-2004-0989

CVE-2004-0989 affects libxml versions prior to 2.6.14. Multiple remote-buffer overflow flaws in FTP/HTTP URL handling and DNS processing could allow arbitrary code execution. Root causes include overflows in xmlNanoFTPScanURL, xmlNanoFTPScanProxy, and DNS length handling (xmlNanoFTPConnect, xmlNa...

10CVSS6.9AI score0.24274EPSS

CVE•added 2004/03/04 5:0 a.m.•65 views

CVE-2004-0110

The CVE-2004-0110 issue is a real vulnerability in libxml (XMLSoft Libxml2) affecting versions 2.6.0–2.6.5, where a long URL can trigger a buffer overflow in the nanohttp/nanoftp URL parsing paths, enabling remote arbitrary code execution. Related CVEs (CVE-2004-0989) cover buffer overflows in FT...

7.5CVSS6.8AI score0.4134EPSS