7 matches found
CVE-2021-3517
CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...
CVE-2021-3518
CVE-2021-3518 details (libxml2): A use-after-free exists in libxml2 before v2.9.11 when processing crafted input files through an application linked with libxml2. This can impact confidentiality, integrity, and availability. The issue is triggered by processing a specially crafted file via libxml...
CVE-2016-5131
CVE-2016-5131 is a use-after-free in libxml2 up to version 2.9.4 (as used in Chrome before 52.0.2743.82) triggered by XPointer range-to, leading to possible denial of service and potentially other impact. Connected advisories reaffirms libxml2 as the vulnerable component and references several ve...
CVE-2017-5130
CVE-2017-5130 describes an integer overflow in libxml2’s xmlmemory.c that could enable a remote attacker to cause heap corruption via a crafted XML file. The vulnerability affects libxml2 up to version before 2.9.5 and has been observed in products such as Google Chrome (prior to 62.0.3202.62) an...
CVE-2017-15412
CVE-2017-15412 is a use-after-free in libxml2 (affected before 2.9.5) used by Chrome and other products, potentially enabling heap corruption via crafted HTML. Connected advisories also reference CVE-2018-14404 (NULL pointer dereference in xmlXPathCompOpEval) affecting libxml2 up to 2.9.8 during ...
CVE-2022-49043
Summary: CVE-2022-49043 affects libxml2 before 2.11.0, where xmlXIncludeAddNode in xinclude.c has a use-after-free vulnerability. The vulnerability is documented across multiple connected sources (Linux distributions and advisories) and is associated with a high impact due to potential memory cor...
CVE-2016-1762
CVE-2016-1762 (and related libxml2 flaws) affects the GNOME libxml2 library where crafted XML input can cause denial of service or code execution. The primary cited issue is a heap-based buffer over-read in xmlNextChar prior to libxml2 2.9.4. Public advisories list multiple CVEs (e.g., 2016-1833/...