Lucene search
K
XmlsoftLibxml2

106 matches found

CVE
CVE
added 2017/05/10 5:14 a.m.176 views

CVE-2017-8872

CVE-2017-8872 affects libxml2 and is a buffer-over-read/overflow in htmlParseTryOrFinish() in HTMLparser.c. It can allow a local attacker to cause a denial of service or information disclosure. Affected context appears in multiple IBM security bulletins for libxml2-enabled devices (e.g., IBM Blad...

9.1CVSS7.7AI score0.02306EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.172 views

CVE-2015-7499

CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...

5CVSS7AI score0.06464EPSS
CVE
CVE
added 2017/04/11 4:0 p.m.170 views

CVE-2016-4483

CVE-2016-4483 is a libxml2 serialization bug: xmlBufAttrSerializeTxtContent can trigger an out-of-bounds read when a non-UTF-8 attribute value is serialized, leading to a denial of service. Connected records note related follow-ons: CVE-2016-9598 (and CVE-2016-9596) describe DoS/out-of-bounds sce...

7.5CVSS7.2AI score0.06165EPSS
CVE
CVE
added 2016/03/24 1:0 a.m.165 views

CVE-2016-1762

CVE-2016-1762 (and related libxml2 flaws) affects the GNOME libxml2 library where crafted XML input can cause denial of service or code execution. The primary cited issue is a heap-based buffer over-read in xmlNextChar prior to libxml2 2.9.4. Public advisories list multiple CVEs (e.g., 2016-1833/...

8.1CVSS7AI score0.06466EPSS
CVE
CVE
added 2008/09/02 2:0 p.m.164 views

CVE-2003-1564

CVE-2003-1564 involves the XML parser library (libxml2) and a failure to detect recursion during entity expansion. A crafted XML document with a large number of nested entity references can trigger a denial of service through excessive memory and CPU usage (the classic “billion laughs” scenario)....

9.3CVSS6.9AI score0.01619EPSS
CVE
CVE
added 2011/09/02 4:0 p.m.160 views

CVE-2011-1944

CVE-2011-1944 affects libxml2 and related libraries where an integer overflow in xpath.c can cause a heap-based buffer overflow when adding a new namespace node, enabling context-dependent attackers to trigger denial of service (crash) and potentially execute arbitrary code via a crafted XML file...

9.3CVSS8.4AI score0.13727EPSS
CVE
CVE
added 2017/04/11 4:0 p.m.160 views

CVE-2017-5969

CVE-2017-5969 affects libxml2: a NULL pointer dereference in xmlSaveDoc when libxml2 is used in recover mode, enabling DoS via a crafted XML document. Connected IBM advisories confirm libxml2 is vulnerable in multiple IBM products (CMM, IMM2, Chassis/Streams/Cognos) and specify remediation via fi...

4.7CVSS5.5AI score0.0263EPSS
CVE
CVE
added 2008/09/12 4:0 p.m.159 views

CVE-2008-3529

No additional technical details about CVE-2008-3529 are present in the provided documents. Public details appear in the Initial Description, but no connected documents confirm affected products/versions/root cause/fixes. Monitor for updates.

10CVSS7.3AI score0.23373EPSS
CVE
CVE
added 2025/06/12 12:49 p.m.159 views

CVE-2025-6021

Affects libxml2: multiple vendors report CVE-2025-6021 (integer overflow in xmlBuildQName causing stack-based buffer overflow). Documents show vulnerable libxml2 variants across distributions (e.g., AWS ALAS advisories for libxml2 with 2.9/2.10 lines; AIX advisory listing affected filesets; Astra...

7.5CVSS7.4AI score0.01067EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.157 views

CVE-2017-9049

CVE-2017-9049 affects libxml2 prior to a fix released after 2.9.4. It describes a heap-based buffer over-read in xmlDictComputeFastKey within dict.c, which can cause programs using libxml2 (e.g., PHP) to crash. The vulnerability arises from an incomplete fix (Bug 759398). Public references show t...

7.5CVSS7.4AI score0.04626EPSS
CVE
CVE
added 2015/11/18 4:0 p.m.156 views

CVE-2015-7942

CVE-2015-7942 affects libxml2 and describes a denial-of-service/ crash caused by a heap-based buffer issue in the xmlParseConditionalSections function when parsing crafted XML data, leading to an out-of-bounds read. The initial document provides concrete details: vulnerable component is libxml2 (...

6.8CVSS6.6AI score0.04737EPSS
CVE
CVE
added 2010/12/07 8:0 p.m.155 views

CVE-2010-4494

CVE-2010-4494 is a double-free vulnerability in libxml2 (notably 2.7.8 and related versions) used by Chrome and other products. The issue affects libxml2’s handling of XPath/XML entities and could allow a remote attacker to crash or potentially execute code via crafted XML input. Public advisorie...

7.5CVSS7.8AI score0.07533EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.153 views

CVE-2015-8317

CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...

5CVSS6.9AI score0.05907EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.153 views

CVE-2017-7375

CVE-2017-7375 describes a flaw in the libxml2 parser that allows remote XML entity inclusion when default parser flags are used (no substitution/validation/DTD loading). This XXE can cause access to local files or remote resources (HTTP/FTP) depending on context, potentially expanding the attacke...

9.8CVSS6.9AI score0.0264EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.152 views

CVE-2016-3705

CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...

7.5CVSS7.6AI score0.05103EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.151 views

CVE-2015-7497

CVE-2015-7497 affects libxml2 prior to 2.9.3, due to a heap-based buffer overflow in dict.c (xmlDictComputeFastQKey). Exploitation leads to a denial of service via crafted XML data. The vulnerability is part of multiple libxml2 issues disclosed in 2015; affected products are libraries linked agai...

5CVSS6.7AI score0.0721EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.151 views

CVE-2016-1834

CVE-2016-1834 describes a heap-based buffer overflow in libxml2's xmlStrncat function prior to 2.9.4, affecting Apple iOS/tvOS/watchOS and OS X before patched versions. Exploitation could lead to remote code execution or memory corruption and potential denial of service when processing crafted XM...

9.3CVSS8.6AI score0.04643EPSS
CVE
CVE
added 2016/04/11 9:0 p.m.148 views

CVE-2015-8710

CVE-2015-8710 affects libxml2: denial of service and possible information disclosure from an out-of-bounds memory access when parsing an unclosed HTML comment. Publicly reported in multiple vendor advisories (IBM IMM/IMM2, RackSwitch, F5 BIG-IP, Rational DOORS, etc.). Remediation across products ...

9.8CVSS9.7AI score0.04925EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.148 views

CVE-2016-4449

CVE-2016-4449 is an XML External Entity (XXE) vulnerability in libxml2’s parser.c (xmlStringLenDecodeEntities) affecting libxml2 up to version 2.9.4. ALT Linux advisory entries show a confirmed fix in libxml2 version 2.9.4.0.12.e905-alt1 (and related package updates), indicating that patches were...

7.1CVSS8.2AI score0.01661EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.148 views

CVE-2017-9048

CVE-2017-9048 affects libxml2. The vulnerability is a stack-based buffer overflow in the function xmlSnprintfElementContent (valid.c): when recursively dumping element content, the code may strcat two characters after computing the current length without ensuring the buffer has space, allowing a ...

7.5CVSS6.8AI score0.04888EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.147 views

CVE-2015-7500

CVE-2015-7500 affects libxml2’s xmlParseMisc in parser.c; an out-of-bounds heap read via improper entity boundaries could cause a DoS. A patch/update to libxml2 2.9.3 or later is recommended. (Mode C: details are supported by connected references indicating libxml2 impact.)

5CVSS6.5AI score0.05917EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.145 views

CVE-2015-7498

CVE-2015-7498 is a heap-based buffer overflow in the xmlParseXmlDecl function of libxml2’s parser.c, affecting versions before 2.9.3. The underlying issue enables context-dependent attackers to trigger a denial of service via crafted XML data, related to an encoding conversion failure. Affected p...

5CVSS6.7AI score0.07017EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.142 views

CVE-2016-1840

CVE-2016-1840: libxml2 contains a heap-based buffer overflow in xmlFAParsePosCharGroup (pre-2.9.4). Affected on Apple iOS (pre-9.3.2), OS X (pre-10.11.5), tvOS (pre-9.2.1), watchOS (pre-2.2.1); can lead to remote code execution or memory corruption. Remediation: upgrade libxml2 to 2.9.4 or later ...

7.8CVSS8.6AI score0.03239EPSS
CVE
CVE
added 2009/08/11 6:0 p.m.141 views

CVE-2009-2414

CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...

4.3CVSS6.2AI score0.03121EPSS
CVE
CVE
added 2009/08/11 6:0 p.m.140 views

CVE-2009-2416

CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....

6.5CVSS6.7AI score0.01793EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.139 views

CVE-2016-1833

CVE-2016-1833 is a libxml2 memory corruption issue where the htmlCurrentChar function can cause a heap-based buffer over-read during parsing of crafted XML. Public details in connected docs indicate affected platforms include Apple iOS, macOS, tvOS, watchOS and related libxml2 usage, with version...

5.5CVSS6.3AI score0.02559EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.139 views

CVE-2016-1838

CVE-2016-1838 refers to a vulnerability in libxml2 where the xmlPArserPrintFileContextInternal function can be exploited by a crafted XML document to cause a heap-based overflow/read, leading to a denial of service or potential escalation. The initial description notes the issue affects libxml2 u...

5.5CVSS6.3AI score0.06943EPSS
CVE
CVE
added 2016/04/13 5:0 p.m.138 views

CVE-2015-8806

CVE-2015-8806 — libxml2 heap-buffer overread in dict.c . A remote attacker can crash an affected application by sending a crafted HTML document containing an unexpected character immediately after the "

7.5CVSS7.1AI score0.04964EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.137 views

CVE-2016-1836

CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...

5.5CVSS6.5AI score0.03926EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.137 views

CVE-2016-1837

CVE-2016-1837 is a use-after-free/memory corruption vulnerability in libxml2 affecting the htmlParsePubidLiteral and htmlParseSystemLiteral paths, leading to denial of service. Public references in the Initial document note a MEDIUM (CVSSv3 base 5.5) impact with LOCAL attack vector and user inter...

5.5CVSS6.6AI score0.04092EPSS
CVE
CVE
added 2015/11/18 4:0 p.m.136 views

CVE-2015-7941

CVE-2015-7941 affects libxml2 2.9.2, where parsing does not stop on invalid input, enabling a context-dependent attacker to trigger an out-of-bounds read and crash via crafted XML data in xmlParseEntityDecl or xmlParseConditionalSections. Connected docs confirm corroborating DoS/out-of-bounds rep...

4.3CVSS6.6AI score0.03069EPSS
CVE
CVE
added 2013/04/25 11:0 p.m.124 views

CVE-2013-0338

The vulnerability described (CVE-2013-0338) affects libxml2 2.9.0 and earlier, where an XML file containing an entity declaration with long replacement text and many references can cause a denial of service through entity expansion. This is a context-dependent DoS affecting CPU and memory usage. ...

4.3CVSS8AI score0.02856EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.122 views

CVE-2015-8242

CVE-2015-8242 affects libxml2 prior to 2.9.3. The xmlSAX2TextNode function in SAX2.c within the push interface of the HTML parser can cause a stack-based buffer over-read when processing crafted XML data, leading to a denial of service (application crash) and potential exposure of sensitive infor...

5.8CVSS6.8AI score0.04268EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.119 views

CVE-2015-8241

CVE-2015-8241 affects libxml2 (notably the xmlNextChar path) where improper state checking can lead to a heap-based buffer over-read, DoS, and potential information disclosure. Public docs place the vulnerable component in libxml2 2.9.2; exploitation requires crafted XML data. Several connected a...

6.4CVSS7AI score0.05436EPSS
CVE
CVE
added 2010/11/16 11:0 p.m.117 views

CVE-2010-4008

CVE-2010-4008 affects libxml2 prior to 2.7.8 and is triggered by malformed XPath expressions, causing an application crash via invalid memory access. It is noted in advisories tied to libxml2 updates for platforms using the library (e.g., Chrome and Safari stacks). The connected records reference...

4.3CVSS5.6AI score0.03133EPSS
CVE
CVE
added 2016/02/12 3:26 p.m.113 views

CVE-2016-2073

CVE-2016-2073 affects libxml2: a vulnerability in htmlParseNameComplex() can cause a heap-based buffer overflow / out-of-bounds read, leading to potential denial of service or code execution when processing a crafted XML file. The connected IBM/IBM Guards pages confirm the issue and list affected...

6.5CVSS7.1AI score0.0231EPSS
CVE
CVE
added 2025/06/16 3:24 p.m.113 views

CVE-2025-6170

CVE-2025-6170 affects libxml2’s xmllint interactive shell. A stack-based buffer overflow in the command-parsing logic can cause crashes and, in rare configurations, may allow code execution. Related connected documents show patches/updates across distributions: Debian LTS advisory and Debian secu...

2.5CVSS3.9AI score0.0019EPSS
CVE
CVE
added 2014/01/21 6:0 p.m.111 views

CVE-2013-0339

CVE-2013-0339 affects libxml2 up to version 2.9.1 and is an XML External Entity (XXE) issue. The root cause is improper handling of external entities expansion unless an application developer uses xmlSAX2ResolveEntity or xmlSetExternalEntityLoader. Impact cited includes potential denial of servic...

6.8CVSS9AI score0.03609EPSS
CVE
CVE
added 2018/07/30 2:0 p.m.110 views

CVE-2016-9597

CVE-2016-9597 is a regression for CVE-2016-3705 where Red Hat/JBoss RHSA-2016:2957 did not include the fix for libxml2, leaving a denial-of-service risk via a stack overflow. The connected records confirm libxml2 as the affected library and document multiple publisher advisories (RHSA-2016:1292, ...

7.5CVSS7AI score0.05103EPSS
CVE
CVE
added 2008/08/27 8:0 p.m.107 views

CVE-2008-3281

libxml2 up to version 2.6.32 is affected by CVE-2008-3281 due to improper detection of recursion during entity expansion in an attribute value, enabling a denial-of-service via crafted XML (memory and CPU consumption). The Gentoo GLSA confirms this, and recommends upgrading to libxml2 >= 2.7.2...

6.5CVSS6.3AI score0.02507EPSS
CVE
CVE
added 2012/11/28 1:0 a.m.103 views

CVE-2012-5134

CVE-2012-5134 is a heap-based buffer underflow in libxml2’s xmlParseAttValueComplex (parser.c) present in libxml2 2.9.0 and earlier, used by Google Chrome up to 23.0.1271.91 and other products. The flaw allows a remote attacker to cause a crash or possibly execute arbitrary code via crafted XML e...

6.8CVSS9.7AI score0.04382EPSS
CVE
CVE
added 2012/08/31 7:0 p.m.97 views

CVE-2012-2871

CVE-2012-2871 describes a memory handling issue in libxml2 (used in Chrome prior to 21.0.1180.89) where a bad cast during XSLT processing can lead to denial of service or potentially other impacts via a crafted document (root cause related to _xmlNs in include/libxml/tree.h). Connected advisories...

6.8CVSS7.4AI score0.0238EPSS
CVE
CVE
added 2012/12/21 2:0 a.m.93 views

CVE-2012-0841

CVE-2012-0841 affects libxml2 up to version 2.8.0, where hash computation can be induced to collide, enabling context‑dependent attackers to trigger a denial of service via crafted XML data. The issue is repeatedly cited in multiple advisories and Nessus plugins, linking the vulnerability to the ...

5CVSS7.9AI score0.0326EPSS
CVE
CVE
added 2013/04/25 11:0 p.m.93 views

CVE-2013-1969

CVE-2013-1969 affects libxml2 (notably 2.9.0 and possibly later) with multiple use-after-free vulnerabilities in parsing code. The advisory describes context-dependent attackers potentially crashing the process or, in some cases, executing arbitrary code via the htmlParseChunk and xmldecl_done pa...

7.5CVSS9.8AI score0.03819EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.88 views

CVE-2016-9598

CVE-2016-9598 affects libxml2 as used in Red Hat JBoss Core Services. The vulnerability is a denial-of-service due to an out-of-bounds read in libxml2 triggered by a specially crafted XML document, which can crash the application. Note that this issue exists because of a missing fix for CVE-2016-...

6.5CVSS7.1AI score0.01235EPSS
CVE
CVE
added 2025/08/08 4:32 p.m.83 views

CVE-2025-8732

CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...

4.8CVSS4AI score0.00143EPSS
CVE
CVE
added 2004/03/04 5:0 a.m.77 views

CVE-2004-0110

The CVE-2004-0110 issue is a real vulnerability in libxml (XMLSoft Libxml2) affecting versions 2.6.0–2.6.5, where a long URL can trigger a buffer overflow in the nanohttp/nanoftp URL parsing paths, enabling remote arbitrary code execution. Related CVEs (CVE-2004-0989) cover buffer overflows in FT...

7.5CVSS6.8AI score0.24232EPSS
CVE
CVE
added 2004/10/28 4:0 a.m.76 views

CVE-2004-0989

CVE-2004-0989 affects libxml versions prior to 2.6.14. Multiple remote-buffer overflow flaws in FTP/HTTP URL handling and DNS processing could allow arbitrary code execution. Root causes include overflows in xmlNanoFTPScanURL, xmlNanoFTPScanProxy, and DNS length handling (xmlNanoFTPConnect, xmlNa...

10CVSS6.9AI score0.21686EPSS
CVE
CVE
added 2008/10/03 5:18 p.m.71 views

CVE-2008-4409

CVE-2008-4409 affects libxml2 (versions 2.7.0 and 2.7.1). It arises from improper handling of predefined entities definitions in entities, enabling context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by the use of xmllint on a speci...

5CVSS6.7AI score0.08534EPSS
CVE
CVE
added 2025/09/10 6:43 p.m.71 views

CVE-2025-9714

CVE-2025-9714 affects libxml2 up to and including 2.9.14. The vulnerability arises from uncontrolled recursion in XPath evaluation: xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset recursion depth to zero before recursion, enabling stack overflow via crafted expressions. Impact is...

6.2CVSS6.2AI score0.00144EPSS
Total number of security vulnerabilities106