Libxml2 Security Vulnerabilities and Issues — Libxml2 CVE List

Lucene search

XmlsoftLibxml2

9 matches found

CVE•added 2017/11/23 9:29 p.m.•238 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

9.8CVSS8.9AI score0.01268EPSS

CVE•added 2017/05/18 6:29 a.m.•208 views

CVE-2017-9047

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML...

7.5CVSS7.2AI score0.0279EPSS

CVE•added 2017/05/18 6:29 a.m.•187 views

CVE-2017-9050

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

7.5CVSS7.5AI score0.10773EPSS

CVE•added 2017/11/23 9:29 p.m.•185 views

CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

7.5CVSS6.7AI score0.11494EPSS

CVE•added 2017/05/10 5:29 a.m.•166 views

CVE-2017-8872

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

9.1CVSS7.7AI score0.00182EPSS

CVE•added 2017/04/11 4:59 p.m.•153 views

CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

7.5CVSS7.2AI score0.01305EPSS

CVE•added 2017/04/11 4:59 p.m.•147 views

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

4.7CVSS5.5AI score0.0271EPSS

CVE•added 2017/05/18 6:29 a.m.•145 views

CVE-2017-9049

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

7.5CVSS7.4AI score0.00438EPSS

CVE•added 2017/05/18 6:29 a.m.•132 views

CVE-2017-9048

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more c...

7.5CVSS6.8AI score0.00575EPSS