Libxml2@2.5.10 Security Vulnerabilities and Issues — Libxml2@2.5.10 CVE List

Lucene search

XmlsoftLibxml22.5.10

9 matches found

CVE•added 2014/11/04 4:55 p.m.•186 views

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a va...

5CVSS5.9AI score0.04812EPSS

CVE•added 2013/07/10 10:55 a.m.•159 views

CVE-2013-2877

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

5CVSS7.6AI score0.01436EPSS

CVE•added 2009/08/11 6:30 p.m.•115 views

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the C...

4.3CVSS6.2AI score0.01069EPSS

CVE•added 2009/08/11 6:30 p.m.•113 views

CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Cod...

6.5CVSS6.7AI score0.00296EPSS

CVE•added 2013/04/25 11:55 p.m.•102 views

CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

4.3CVSS8AI score0.00254EPSS

CVE•added 2014/01/21 6:55 p.m.•95 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8CVSS9AI score0.02394EPSS

CVE•added 2012/11/28 1:55 a.m.•82 views

CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML docum...

6.8CVSS9.7AI score0.02065EPSS

CVE•added 2012/12/21 5:46 a.m.•77 views

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

5CVSS7.9AI score0.00725EPSS

CVE•added 2004/03/15 5:0 a.m.•54 views

CVE-2004-0110

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

7.5CVSS6.8AI score0.45171EPSS