Lucene search
K

11 matches found

CVE
CVE
added 2015/12/15 9:0 p.m.423 views

CVE-2015-5312

Summary (CVE-2015-5312) A DoS via XML entity expansion was reported in libxml2 (xmlStringLenDecodeEntities in parser.c) affecting versions before 2.9.3. The issue allows a context-dependent attacker to trigger high CPU usage by processing crafted XML data, as described in the CVE entry and corrob...

7.1CVSS6.2AI score0.04537EPSS
CVE
CVE
added 2015/11/18 4:0 p.m.368 views

CVE-2015-8035

Summary (CVE-2015-8035) : In libxml2, the xz_decomp function in xzlib.c does not properly detect compression errors, enabling a denial-of-service condition (process hang) via crafted XML data. Affected: libxml2 up to 2.9.1 (and related 2.9.x lines in later advisories) with potential impact across...

2.6CVSS6.6AI score0.03199EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.173 views

CVE-2015-7499

CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...

5CVSS7AI score0.06464EPSS
CVE
CVE
added 2015/11/18 4:0 p.m.156 views

CVE-2015-7942

CVE-2015-7942 affects libxml2 and describes a denial-of-service/ crash caused by a heap-based buffer issue in the xmlParseConditionalSections function when parsing crafted XML data, leading to an out-of-bounds read. The initial document provides concrete details: vulnerable component is libxml2 (...

6.8CVSS6.6AI score0.04737EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.154 views

CVE-2015-8317

CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...

5CVSS6.9AI score0.05907EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.152 views

CVE-2015-7497

CVE-2015-7497 affects libxml2 prior to 2.9.3, due to a heap-based buffer overflow in dict.c (xmlDictComputeFastQKey). Exploitation leads to a denial of service via crafted XML data. The vulnerability is part of multiple libxml2 issues disclosed in 2015; affected products are libraries linked agai...

5CVSS6.7AI score0.0721EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.148 views

CVE-2015-7500

CVE-2015-7500 affects libxml2’s xmlParseMisc in parser.c; an out-of-bounds heap read via improper entity boundaries could cause a DoS. A patch/update to libxml2 2.9.3 or later is recommended. (Mode C: details are supported by connected references indicating libxml2 impact.)

5CVSS6.5AI score0.05917EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.145 views

CVE-2015-7498

CVE-2015-7498 is a heap-based buffer overflow in the xmlParseXmlDecl function of libxml2’s parser.c, affecting versions before 2.9.3. The underlying issue enables context-dependent attackers to trigger a denial of service via crafted XML data, related to an encoding conversion failure. Affected p...

5CVSS6.7AI score0.07017EPSS
CVE
CVE
added 2015/11/18 4:0 p.m.136 views

CVE-2015-7941

CVE-2015-7941 affects libxml2 2.9.2, where parsing does not stop on invalid input, enabling a context-dependent attacker to trigger an out-of-bounds read and crash via crafted XML data in xmlParseEntityDecl or xmlParseConditionalSections. Connected docs confirm corroborating DoS/out-of-bounds rep...

4.3CVSS6.6AI score0.03069EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.124 views

CVE-2015-8242

CVE-2015-8242 affects libxml2 prior to 2.9.3. The xmlSAX2TextNode function in SAX2.c within the push interface of the HTML parser can cause a stack-based buffer over-read when processing crafted XML data, leading to a denial of service (application crash) and potential exposure of sensitive infor...

5.8CVSS6.8AI score0.04268EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.119 views

CVE-2015-8241

CVE-2015-8241 affects libxml2 (notably the xmlNextChar path) where improper state checking can lead to a heap-based buffer over-read, DoS, and potential information disclosure. Public docs place the vulnerable component in libxml2 2.9.2; exploitation requires crafted XML data. Several connected a...

6.4CVSS7AI score0.05436EPSS