Libxml2 Security Vulnerabilities and Issues — Libxml2 CVE List

Lucene search

XmlsoftLibxml2

4 matches found

CVE•added 2018/08/28 7:29 p.m.•262 views

CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7AI score0.03481EPSS

CVE•added 2018/08/16 8:29 p.m.•219 views

CVE-2018-14567

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

6.5CVSS6.7AI score0.01311EPSS

CVE•added 2018/08/16 8:29 p.m.•67 views

CVE-2016-9598

libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

6.5CVSS7.1AI score0.0127EPSS

CVE•added 2018/08/16 8:29 p.m.•55 views

CVE-2016-9596

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

6.5CVSS7.2AI score0.00673EPSS