Libxml2@2.8.0 Security Vulnerabilities and Issues — Libxml2@2.8.0 CVE List

Lucene search

XmlsoftLibxml22.8.0

3 matches found

CVE•added 2014/11/04 4:55 p.m.•186 views

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a va...

5CVSS5.9AI score0.04812EPSS

CVE•added 2013/07/10 10:55 a.m.•159 views

CVE-2013-2877

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

5CVSS7.6AI score0.01047EPSS

CVE•added 2014/01/21 6:55 p.m.•95 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8CVSS9AI score0.02394EPSS