106 matches found
CVE-2017-8872
CVE-2017-8872 affects libxml2 and is a buffer-over-read/overflow in htmlParseTryOrFinish() in HTMLparser.c. It can allow a local attacker to cause a denial of service or information disclosure. Affected context appears in multiple IBM security bulletins for libxml2-enabled devices (e.g., IBM Blad...
CVE-2015-7499
CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...
CVE-2016-4483
CVE-2016-4483 is a libxml2 serialization bug: xmlBufAttrSerializeTxtContent can trigger an out-of-bounds read when a non-UTF-8 attribute value is serialized, leading to a denial of service. Connected records note related follow-ons: CVE-2016-9598 (and CVE-2016-9596) describe DoS/out-of-bounds sce...
CVE-2016-1762
CVE-2016-1762 (and related libxml2 flaws) affects the GNOME libxml2 library where crafted XML input can cause denial of service or code execution. The primary cited issue is a heap-based buffer over-read in xmlNextChar prior to libxml2 2.9.4. Public advisories list multiple CVEs (e.g., 2016-1833/...
CVE-2003-1564
CVE-2003-1564 involves the XML parser library (libxml2) and a failure to detect recursion during entity expansion. A crafted XML document with a large number of nested entity references can trigger a denial of service through excessive memory and CPU usage (the classic “billion laughs” scenario)....
CVE-2011-1944
CVE-2011-1944 affects libxml2 and related libraries where an integer overflow in xpath.c can cause a heap-based buffer overflow when adding a new namespace node, enabling context-dependent attackers to trigger denial of service (crash) and potentially execute arbitrary code via a crafted XML file...
CVE-2017-5969
CVE-2017-5969 affects libxml2: a NULL pointer dereference in xmlSaveDoc when libxml2 is used in recover mode, enabling DoS via a crafted XML document. Connected IBM advisories confirm libxml2 is vulnerable in multiple IBM products (CMM, IMM2, Chassis/Streams/Cognos) and specify remediation via fi...
CVE-2008-3529
No additional technical details about CVE-2008-3529 are present in the provided documents. Public details appear in the Initial Description, but no connected documents confirm affected products/versions/root cause/fixes. Monitor for updates.
CVE-2025-6021
Affects libxml2: multiple vendors report CVE-2025-6021 (integer overflow in xmlBuildQName causing stack-based buffer overflow). Documents show vulnerable libxml2 variants across distributions (e.g., AWS ALAS advisories for libxml2 with 2.9/2.10 lines; AIX advisory listing affected filesets; Astra...
CVE-2017-9049
CVE-2017-9049 affects libxml2 prior to a fix released after 2.9.4. It describes a heap-based buffer over-read in xmlDictComputeFastKey within dict.c, which can cause programs using libxml2 (e.g., PHP) to crash. The vulnerability arises from an incomplete fix (Bug 759398). Public references show t...
CVE-2015-7942
CVE-2015-7942 affects libxml2 and describes a denial-of-service/ crash caused by a heap-based buffer issue in the xmlParseConditionalSections function when parsing crafted XML data, leading to an out-of-bounds read. The initial document provides concrete details: vulnerable component is libxml2 (...
CVE-2010-4494
CVE-2010-4494 is a double-free vulnerability in libxml2 (notably 2.7.8 and related versions) used by Chrome and other products. The issue affects libxml2’s handling of XPath/XML entities and could allow a remote attacker to crash or potentially execute code via crafted XML input. Public advisorie...
CVE-2015-8317
CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...
CVE-2017-7375
CVE-2017-7375 describes a flaw in the libxml2 parser that allows remote XML entity inclusion when default parser flags are used (no substitution/validation/DTD loading). This XXE can cause access to local files or remote resources (HTTP/FTP) depending on context, potentially expanding the attacke...
CVE-2016-3705
CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...
CVE-2015-7497
CVE-2015-7497 affects libxml2 prior to 2.9.3, due to a heap-based buffer overflow in dict.c (xmlDictComputeFastQKey). Exploitation leads to a denial of service via crafted XML data. The vulnerability is part of multiple libxml2 issues disclosed in 2015; affected products are libraries linked agai...
CVE-2016-1834
CVE-2016-1834 describes a heap-based buffer overflow in libxml2's xmlStrncat function prior to 2.9.4, affecting Apple iOS/tvOS/watchOS and OS X before patched versions. Exploitation could lead to remote code execution or memory corruption and potential denial of service when processing crafted XM...
CVE-2015-8710
CVE-2015-8710 affects libxml2: denial of service and possible information disclosure from an out-of-bounds memory access when parsing an unclosed HTML comment. Publicly reported in multiple vendor advisories (IBM IMM/IMM2, RackSwitch, F5 BIG-IP, Rational DOORS, etc.). Remediation across products ...
CVE-2016-4449
CVE-2016-4449 is an XML External Entity (XXE) vulnerability in libxml2’s parser.c (xmlStringLenDecodeEntities) affecting libxml2 up to version 2.9.4. ALT Linux advisory entries show a confirmed fix in libxml2 version 2.9.4.0.12.e905-alt1 (and related package updates), indicating that patches were...
CVE-2017-9048
CVE-2017-9048 affects libxml2. The vulnerability is a stack-based buffer overflow in the function xmlSnprintfElementContent (valid.c): when recursively dumping element content, the code may strcat two characters after computing the current length without ensuring the buffer has space, allowing a ...
CVE-2015-7500
CVE-2015-7500 affects libxml2’s xmlParseMisc in parser.c; an out-of-bounds heap read via improper entity boundaries could cause a DoS. A patch/update to libxml2 2.9.3 or later is recommended. (Mode C: details are supported by connected references indicating libxml2 impact.)
CVE-2015-7498
CVE-2015-7498 is a heap-based buffer overflow in the xmlParseXmlDecl function of libxml2’s parser.c, affecting versions before 2.9.3. The underlying issue enables context-dependent attackers to trigger a denial of service via crafted XML data, related to an encoding conversion failure. Affected p...
CVE-2016-1840
CVE-2016-1840: libxml2 contains a heap-based buffer overflow in xmlFAParsePosCharGroup (pre-2.9.4). Affected on Apple iOS (pre-9.3.2), OS X (pre-10.11.5), tvOS (pre-9.2.1), watchOS (pre-2.2.1); can lead to remote code execution or memory corruption. Remediation: upgrade libxml2 to 2.9.4 or later ...
CVE-2009-2414
CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...
CVE-2009-2416
CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....
CVE-2016-1833
CVE-2016-1833 is a libxml2 memory corruption issue where the htmlCurrentChar function can cause a heap-based buffer over-read during parsing of crafted XML. Public details in connected docs indicate affected platforms include Apple iOS, macOS, tvOS, watchOS and related libxml2 usage, with version...
CVE-2016-1838
CVE-2016-1838 refers to a vulnerability in libxml2 where the xmlPArserPrintFileContextInternal function can be exploited by a crafted XML document to cause a heap-based overflow/read, leading to a denial of service or potential escalation. The initial description notes the issue affects libxml2 u...
CVE-2015-8806
CVE-2015-8806 — libxml2 heap-buffer overread in dict.c . A remote attacker can crash an affected application by sending a crafted HTML document containing an unexpected character immediately after the "
CVE-2016-1836
CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...
CVE-2016-1837
CVE-2016-1837 is a use-after-free/memory corruption vulnerability in libxml2 affecting the htmlParsePubidLiteral and htmlParseSystemLiteral paths, leading to denial of service. Public references in the Initial document note a MEDIUM (CVSSv3 base 5.5) impact with LOCAL attack vector and user inter...
CVE-2015-7941
CVE-2015-7941 affects libxml2 2.9.2, where parsing does not stop on invalid input, enabling a context-dependent attacker to trigger an out-of-bounds read and crash via crafted XML data in xmlParseEntityDecl or xmlParseConditionalSections. Connected docs confirm corroborating DoS/out-of-bounds rep...
CVE-2013-0338
The vulnerability described (CVE-2013-0338) affects libxml2 2.9.0 and earlier, where an XML file containing an entity declaration with long replacement text and many references can cause a denial of service through entity expansion. This is a context-dependent DoS affecting CPU and memory usage. ...
CVE-2015-8242
CVE-2015-8242 affects libxml2 prior to 2.9.3. The xmlSAX2TextNode function in SAX2.c within the push interface of the HTML parser can cause a stack-based buffer over-read when processing crafted XML data, leading to a denial of service (application crash) and potential exposure of sensitive infor...
CVE-2015-8241
CVE-2015-8241 affects libxml2 (notably the xmlNextChar path) where improper state checking can lead to a heap-based buffer over-read, DoS, and potential information disclosure. Public docs place the vulnerable component in libxml2 2.9.2; exploitation requires crafted XML data. Several connected a...
CVE-2010-4008
CVE-2010-4008 affects libxml2 prior to 2.7.8 and is triggered by malformed XPath expressions, causing an application crash via invalid memory access. It is noted in advisories tied to libxml2 updates for platforms using the library (e.g., Chrome and Safari stacks). The connected records reference...
CVE-2016-2073
CVE-2016-2073 affects libxml2: a vulnerability in htmlParseNameComplex() can cause a heap-based buffer overflow / out-of-bounds read, leading to potential denial of service or code execution when processing a crafted XML file. The connected IBM/IBM Guards pages confirm the issue and list affected...
CVE-2025-6170
CVE-2025-6170 affects libxml2’s xmllint interactive shell. A stack-based buffer overflow in the command-parsing logic can cause crashes and, in rare configurations, may allow code execution. Related connected documents show patches/updates across distributions: Debian LTS advisory and Debian secu...
CVE-2013-0339
CVE-2013-0339 affects libxml2 up to version 2.9.1 and is an XML External Entity (XXE) issue. The root cause is improper handling of external entities expansion unless an application developer uses xmlSAX2ResolveEntity or xmlSetExternalEntityLoader. Impact cited includes potential denial of servic...
CVE-2016-9597
CVE-2016-9597 is a regression for CVE-2016-3705 where Red Hat/JBoss RHSA-2016:2957 did not include the fix for libxml2, leaving a denial-of-service risk via a stack overflow. The connected records confirm libxml2 as the affected library and document multiple publisher advisories (RHSA-2016:1292, ...
CVE-2008-3281
libxml2 up to version 2.6.32 is affected by CVE-2008-3281 due to improper detection of recursion during entity expansion in an attribute value, enabling a denial-of-service via crafted XML (memory and CPU consumption). The Gentoo GLSA confirms this, and recommends upgrading to libxml2 >= 2.7.2...
CVE-2012-5134
CVE-2012-5134 is a heap-based buffer underflow in libxml2’s xmlParseAttValueComplex (parser.c) present in libxml2 2.9.0 and earlier, used by Google Chrome up to 23.0.1271.91 and other products. The flaw allows a remote attacker to cause a crash or possibly execute arbitrary code via crafted XML e...
CVE-2012-2871
CVE-2012-2871 describes a memory handling issue in libxml2 (used in Chrome prior to 21.0.1180.89) where a bad cast during XSLT processing can lead to denial of service or potentially other impacts via a crafted document (root cause related to _xmlNs in include/libxml/tree.h). Connected advisories...
CVE-2012-0841
CVE-2012-0841 affects libxml2 up to version 2.8.0, where hash computation can be induced to collide, enabling context‑dependent attackers to trigger a denial of service via crafted XML data. The issue is repeatedly cited in multiple advisories and Nessus plugins, linking the vulnerability to the ...
CVE-2013-1969
CVE-2013-1969 affects libxml2 (notably 2.9.0 and possibly later) with multiple use-after-free vulnerabilities in parsing code. The advisory describes context-dependent attackers potentially crashing the process or, in some cases, executing arbitrary code via the htmlParseChunk and xmldecl_done pa...
CVE-2016-9598
CVE-2016-9598 affects libxml2 as used in Red Hat JBoss Core Services. The vulnerability is a denial-of-service due to an out-of-bounds read in libxml2 triggered by a specially crafted XML document, which can crash the application. Note that this issue exists because of a missing fix for CVE-2016-...
CVE-2025-8732
CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...
CVE-2004-0110
The CVE-2004-0110 issue is a real vulnerability in libxml (XMLSoft Libxml2) affecting versions 2.6.0–2.6.5, where a long URL can trigger a buffer overflow in the nanohttp/nanoftp URL parsing paths, enabling remote arbitrary code execution. Related CVEs (CVE-2004-0989) cover buffer overflows in FT...
CVE-2004-0989
CVE-2004-0989 affects libxml versions prior to 2.6.14. Multiple remote-buffer overflow flaws in FTP/HTTP URL handling and DNS processing could allow arbitrary code execution. Root causes include overflows in xmlNanoFTPScanURL, xmlNanoFTPScanProxy, and DNS length handling (xmlNanoFTPConnect, xmlNa...
CVE-2008-4409
CVE-2008-4409 affects libxml2 (versions 2.7.0 and 2.7.1). It arises from improper handling of predefined entities definitions in entities, enabling context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by the use of xmllint on a speci...
CVE-2025-9714
CVE-2025-9714 affects libxml2 up to and including 2.9.14. The vulnerability arises from uncontrolled recursion in XPath evaluation: xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset recursion depth to zero before recursion, enabling stack overflow via crafted expressions. Impact is...