Libxml2@2.9.4 Security Vulnerabilities and Issues — Libxml2@2.9.4 CVE List

Lucene search

XmlsoftLibxml22.9.4

3 matches found

CVE•added 2016/07/23 7:59 p.m.•304 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04195EPSS

CVE•added 2016/11/16 12:59 a.m.•157 views

CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafte...

5.5CVSS5.4AI score0.00043EPSS

CVE•added 2016/05/20 10:59 a.m.•117 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS