2 matches found
CVE-2014-3660
CVE-2014-3660 affects libxml2: parser.c allowed excessive entity expansion (billion laughs) even when entity substitution is disabled, enabling DoS via crafted XML. Public details confirm the vulnerability in libxml2 up to versions before 2.9.2. Affected component is the XML parser (parser.c) in ...
CVE-2013-0339
CVE-2013-0339 affects libxml2 up to version 2.9.1 and is an XML External Entity (XXE) issue. The root cause is improper handling of external entities expansion unless an application developer uses xmlSAX2ResolveEntity or xmlSetExternalEntityLoader. Impact cited includes potential denial of servic...