21 matches found
CVE-2016-4658
CVE-2016-4658 affects libxml2 up to version 2.9.4 (and is noted in Apple platforms such as iOS/OS X/watchOS as affected). The issue arises from allowing namespace nodes in XPointer ranges, which can enable a remote attacker to cause arbitrary code execution or a denial of service (use-after-free/...
CVE-2016-5131
CVE-2016-5131 is a use-after-free in libxml2 up to version 2.9.4 (as used in Chrome before 52.0.2743.82) triggered by XPointer range-to, leading to possible denial of service and potentially other impact. Connected advisories reaffirms libxml2 as the vulnerable component and references several ve...
CVE-2015-6837
The vulnerability CVE-2015-6837/6838 is a NULL pointer dereference in PHP’s XSLTProcessor (ext/xsl/xsltprocessor.c) when using libxslt, triggered by valuePop() returning NULL without a check. Affected PHP versions are prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13 when libxml2
CVE-2015-6838
CVE-2015-6838 affects PHP’s XSLTProcessor (ext/xsl/xsltprocessor.c). When libxml2 before 2.9.2 is used, the code does not guard the return value of valuePop(), allowing a NULL pointer dereference that can crash the application (denial of service). The vulnerability is documented as: PHP versions ...
CVE-2016-4447
CVE-2016-4447 affects libxml2 up to version before 2.9.4. The vulnerability is in the xmlParseElementDecl function (parser.c) where a crafted file via xmlParseName can cause a heap-based buffer underread, leading to denial of service (application crash). Remediation: upgrade to libxml2 2.9.4 or n...
CVE-2016-4448
CVE-2016-4448 is a format-string vulnerability in libxml2 (pre-2.9.4). The connected F5 advisory confirms libxml2 is the vulnerable component across multiple BIG-IP products and lists specific BIG-IP families/versions as vulnerable, with a table guiding upgrades to non‑vulnerable releases. Impact...
CVE-2016-9318
CVE-2016-9318 affects libxml2 (versions 2.9.4 and earlier) used in XMLSec 1.2.23 and earlier. The flaw is that libxml2 does not expose a flag indicating that the current document may be read but other files may not, enabling XML External Entity (XXE) style attacks via a crafted document. Affected...
CVE-2016-3627
CVE-2016-9596, related to libxml2 used in Red Hat JBoss Core Services, allows a denial of service via crafted XML when in recovery mode. This vulnerability exists because of an incorrect fix for CVE-2016-3627 and results in stack consumption. The issue is specifically described as a DoS (stack gr...
CVE-2016-1839
CVE-2016-1839 involves libxml2 where the xmlDictAddString function in dict.c can cause a heap-based buffer over-read, leading to a denial of service. The issue affects libxml2 up to version 2.9.4 (as used in Apple iOS, macOS, tvOS, watchOS). A later linked entry (CVE-2017-9050) confirms this was ...
CVE-2016-1762
CVE-2016-1762 (and related libxml2 flaws) affects the GNOME libxml2 library where crafted XML input can cause denial of service or code execution. The primary cited issue is a heap-based buffer over-read in xmlNextChar prior to libxml2 2.9.4. Public advisories list multiple CVEs (e.g., 2016-1833/...
CVE-2016-1834
CVE-2016-1834 describes a heap-based buffer overflow in libxml2's xmlStrncat function prior to 2.9.4, affecting Apple iOS/tvOS/watchOS and OS X before patched versions. Exploitation could lead to remote code execution or memory corruption and potential denial of service when processing crafted XM...
CVE-2016-3705
CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...
CVE-2015-8710
CVE-2015-8710 affects libxml2: denial of service and possible information disclosure from an out-of-bounds memory access when parsing an unclosed HTML comment. Publicly reported in multiple vendor advisories (IBM IMM/IMM2, RackSwitch, F5 BIG-IP, Rational DOORS, etc.). Remediation across products ...
CVE-2016-4449
CVE-2016-4449 is an XML External Entity (XXE) vulnerability in libxml2’s parser.c (xmlStringLenDecodeEntities) affecting libxml2 up to version 2.9.4. ALT Linux advisory entries show a confirmed fix in libxml2 version 2.9.4.0.12.e905-alt1 (and related package updates), indicating that patches were...
CVE-2016-1840
CVE-2016-1840: libxml2 contains a heap-based buffer overflow in xmlFAParsePosCharGroup (pre-2.9.4). Affected on Apple iOS (pre-9.3.2), OS X (pre-10.11.5), tvOS (pre-9.2.1), watchOS (pre-2.2.1); can lead to remote code execution or memory corruption. Remediation: upgrade libxml2 to 2.9.4 or later ...
CVE-2016-1838
CVE-2016-1838 refers to a vulnerability in libxml2 where the xmlPArserPrintFileContextInternal function can be exploited by a crafted XML document to cause a heap-based overflow/read, leading to a denial of service or potential escalation. The initial description notes the issue affects libxml2 u...
CVE-2016-1833
CVE-2016-1833 is a libxml2 memory corruption issue where the htmlCurrentChar function can cause a heap-based buffer over-read during parsing of crafted XML. Public details in connected docs indicate affected platforms include Apple iOS, macOS, tvOS, watchOS and related libxml2 usage, with version...
CVE-2015-8806
CVE-2015-8806 — libxml2 heap-buffer overread in dict.c . A remote attacker can crash an affected application by sending a crafted HTML document containing an unexpected character immediately after the "
CVE-2016-1837
CVE-2016-1837 is a use-after-free/memory corruption vulnerability in libxml2 affecting the htmlParsePubidLiteral and htmlParseSystemLiteral paths, leading to denial of service. Public references in the Initial document note a MEDIUM (CVSSv3 base 5.5) impact with LOCAL attack vector and user inter...
CVE-2016-1836
CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...
CVE-2016-2073
CVE-2016-2073 affects libxml2: a vulnerability in htmlParseNameComplex() can cause a heap-based buffer overflow / out-of-bounds read, leading to potential denial of service or code execution when processing a crafted XML file. The connected IBM/IBM Guards pages confirm the issue and list affected...