Lucene search
+L
XmlsoftLibxml2

19 matches found

CVE
CVE
added 2021/05/14 7:50 p.m.618 views

CVE-2021-3537

Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...

5.9CVSS7AI score0.03503EPSS
In wild
CVE
CVE
added 2014/11/04 4:0 p.m.261 views

CVE-2014-3660

CVE-2014-3660 affects libxml2: parser.c allowed excessive entity expansion (billion laughs) even when entity substitution is disabled, enabling DoS via crafted XML. Public details confirm the vulnerability in libxml2 up to versions before 2.9.2. Affected component is the XML parser (parser.c) in ...

5CVSS5.9AI score0.03988EPSS
CVE
CVE
added 2018/04/04 2:0 a.m.257 views

CVE-2018-9251

CVE-2018-9251 affects libxml2

5.3CVSS6.6AI score0.0244EPSS
CVE
CVE
added 2013/07/10 10:0 a.m.214 views

CVE-2013-2877

CVE-2013-2877 is a libxml2 out-of-bounds read vulnerability triggered by XML documents that end abruptly due to missing checks for the XML_PARSER_EOF state. It affected libxml2 up to version 2.9.0 (used in Chrome and other products) and could lead to denial of service. Remediation in the public a...

5CVSS7.6AI score0.04733EPSS
CVE
CVE
added 2016/11/16 12:0 a.m.196 views

CVE-2016-9318

CVE-2016-9318 affects libxml2 (versions 2.9.4 and earlier) used in XMLSec 1.2.23 and earlier. The flaw is that libxml2 does not expose a flag indicating that the current document may be read but other files may not, enabling XML External Entity (XXE) style attacks via a crafted document. Affected...

5.5CVSS5.4AI score0.02938EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.189 views

CVE-2016-1839

CVE-2016-1839 involves libxml2 where the xmlDictAddString function in dict.c can cause a heap-based buffer over-read, leading to a denial of service. The issue affects libxml2 up to version 2.9.4 (as used in Apple iOS, macOS, tvOS, watchOS). A later linked entry (CVE-2017-9050) confirms this was ...

5.5CVSS6.4AI score0.07347EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.177 views

CVE-2015-7499

CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...

5CVSS7AI score0.06464EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.159 views

CVE-2015-8317

CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...

5CVSS6.9AI score0.05907EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.154 views

CVE-2015-7497

CVE-2015-7497 affects libxml2 prior to 2.9.3, due to a heap-based buffer overflow in dict.c (xmlDictComputeFastQKey). Exploitation leads to a denial of service via crafted XML data. The vulnerability is part of multiple libxml2 issues disclosed in 2015; affected products are libraries linked agai...

5CVSS6.7AI score0.0721EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.152 views

CVE-2015-7500

CVE-2015-7500 affects libxml2’s xmlParseMisc in parser.c; an out-of-bounds heap read via improper entity boundaries could cause a DoS. A patch/update to libxml2 2.9.3 or later is recommended. (Mode C: details are supported by connected references indicating libxml2 impact.)

5CVSS6.5AI score0.05917EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.148 views

CVE-2015-7498

CVE-2015-7498 is a heap-based buffer overflow in the xmlParseXmlDecl function of libxml2’s parser.c, affecting versions before 2.9.3. The underlying issue enables context-dependent attackers to trigger a denial of service via crafted XML data, related to an encoding conversion failure. Affected p...

5CVSS6.7AI score0.07017EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.143 views

CVE-2016-1833

CVE-2016-1833 is a libxml2 memory corruption issue where the htmlCurrentChar function can cause a heap-based buffer over-read during parsing of crafted XML. Public details in connected docs indicate affected platforms include Apple iOS, macOS, tvOS, watchOS and related libxml2 usage, with version...

5.5CVSS6.3AI score0.02559EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.143 views

CVE-2016-1836

CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...

5.5CVSS6.5AI score0.03926EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.143 views

CVE-2016-1838

CVE-2016-1838 refers to a vulnerability in libxml2 where the xmlPArserPrintFileContextInternal function can be exploited by a crafted XML document to cause a heap-based overflow/read, leading to a denial of service or potential escalation. The initial description notes the issue affects libxml2 u...

5.5CVSS6.3AI score0.06943EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.140 views

CVE-2016-1837

CVE-2016-1837 is a use-after-free/memory corruption vulnerability in libxml2 affecting the htmlParsePubidLiteral and htmlParseSystemLiteral paths, leading to denial of service. Public references in the Initial document note a MEDIUM (CVSSv3 base 5.5) impact with LOCAL attack vector and user inter...

5.5CVSS6.6AI score0.04092EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.127 views

CVE-2015-8242

CVE-2015-8242 affects libxml2 prior to 2.9.3. The xmlSAX2TextNode function in SAX2.c within the push interface of the HTML parser can cause a stack-based buffer over-read when processing crafted XML data, leading to a denial of service (application crash) and potential exposure of sensitive infor...

5.8CVSS6.8AI score0.04268EPSS
CVE
CVE
added 2012/12/21 2:0 a.m.96 views

CVE-2012-0841

CVE-2012-0841 affects libxml2 up to version 2.8.0, where hash computation can be induced to collide, enabling context‑dependent attackers to trigger a denial of service via crafted XML data. The issue is repeatedly cited in multiple advisories and Nessus plugins, linking the vulnerability to the ...

5CVSS7.9AI score0.0326EPSS
CVE
CVE
added 2026/01/15 2:20 p.m.78 views

CVE-2026-0990

Vulnerability: CVE-2026-0990 affects libxml2. An uncontrolled recursion bug in xmlCatalogXMLResolveURI is triggered when a delegate URI entry references itself, allowing a remote attacker to craft an XML catalog that causes infinite recursion and stack exhaustion, resulting in DoS via application...

5.9CVSS6.3AI score0.00755EPSS
CVE
CVE
added 2008/10/03 5:18 p.m.75 views

CVE-2008-4409

CVE-2008-4409 affects libxml2 (versions 2.7.0 and 2.7.1). It arises from improper handling of predefined entities definitions in entities, enabling context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by the use of xmllint on a speci...

5CVSS6.7AI score0.08534EPSS