CVE-2016-9596
CVE-2016-9596 is a libxml2-based denial-of-service issue observed in Red Hat JBoss Core Services, triggered by a crafted XML document while in recovery mode. The linked CNVD entry corroborates a DoS via a crafted XML document, noting a stack-related impact (stack corruption/DoS) and that it arise...
CVE-2026-0990
Vulnerability: CVE-2026-0990 affects libxml2. An uncontrolled recursion bug in xmlCatalogXMLResolveURI is triggered when a delegate URI entry references itself, allowing a remote attacker to craft an XML catalog that causes infinite recursion and stack exhaustion, resulting in DoS via application...
CVE-2026-0989
CVE-2026-0989 concerns a flaw in the RelaxNG parser in libxml2 where external schema inclusions can cause unbounded recursion, leading to stack exhaustion and denial-of-service crashes. The connected documents confirm this issue across multiple distributions (e.g., Amazon Linux 2/ALAS advisories,...
CVE-2026-6732
CVE-2026-6732 affects libxml2 and is triggered when parsing an XSD-validated document that contains an internal entity reference, causing a type confusion error and a DoS via crashes. The vulnerability is tied to how libxml2 processes crafted XML Schema Definition inputs, with the impact describe...
CVE-2026-0992
CVE-2026-0992 in libxml2 describes an uncontrolled resource consumption vulnerability. A remote attacker can supply crafted XML catalogs containing repeated elements pointing to the same downstream catalog, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU us...
CVE-2026-11979
CVE-2026-11979 affects libxml2 in the xmlcatalog utility when run in --shell mode. The usershell() function reads input into fixed-size stack buffers without proper bounds checking, allowing an overly long input line to overflow buffers (command, arg, argv) and cause stack memory corruption. Cons...