Lucene search
K

9 matches found

CVE
CVE
added 2017/11/23 9:0 p.m.260 views

CVE-2017-16931

CVE-2017-16931 affects libxml2 (parser.c) prior to version 2.9.5, where parameter-entity references are mishandled: the NEXTL macro calls xmlParserHandlePEReference for a '%' in a DTD name, enabling a buffer overflow and potential remote code execution. The connected details confirm the vulnerabl...

9.8CVSS8.9AI score0.04278EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.237 views

CVE-2017-9047

CVE-2017-9047: libxml2 contains a stack-based buffer overflow in xmlSnprintfElementContent (valid.c) when dumping element content definitions; the check uses the pre-update length, allowing writes beyond the buffer and potentially crashing programs (e.g., PHP). The provided documents describe the...

7.5CVSS7.2AI score0.03185EPSS
CVE
CVE
added 2017/11/23 9:0 p.m.226 views

CVE-2017-16932

CVE-2017-16932 affects the libxml2 parser: in versions before 2.9.5, expanding a parameter entity in a DTD can result in infinite recursion, potentially leading to a denial of service or memory exhaustion. Affected component is the libxml2 XML C parser. Connected sources corroborate the issue and...

7.5CVSS6.7AI score0.05928EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.203 views

CVE-2017-9050

CVE-2017-9050 affects libxml2 (notably 2.9.4 builds such as 20904-GITv2.9.4-16-g0741801). Root cause: a heap-based buffer over-read in dict.c:xmlDictAddString, stemming from an incomplete fix for CVE-2016-1839. Impact: can cause a crash in applications using libxml2 (e.g., PHP). Public details in...

7.5CVSS7.5AI score0.04626EPSS
CVE
CVE
added 2017/05/10 5:14 a.m.178 views

CVE-2017-8872

CVE-2017-8872 affects libxml2 and is a buffer-over-read/overflow in htmlParseTryOrFinish() in HTMLparser.c. It can allow a local attacker to cause a denial of service or information disclosure. Affected context appears in multiple IBM security bulletins for libxml2-enabled devices (e.g., IBM Blad...

9.1CVSS7.7AI score0.02306EPSS
CVE
CVE
added 2017/04/11 4:0 p.m.171 views

CVE-2016-4483

CVE-2016-4483 is a libxml2 serialization bug: xmlBufAttrSerializeTxtContent can trigger an out-of-bounds read when a non-UTF-8 attribute value is serialized, leading to a denial of service. Connected records note related follow-ons: CVE-2016-9598 (and CVE-2016-9596) describe DoS/out-of-bounds sce...

7.5CVSS7.2AI score0.06165EPSS
CVE
CVE
added 2017/04/11 4:0 p.m.160 views

CVE-2017-5969

CVE-2017-5969 affects libxml2: a NULL pointer dereference in xmlSaveDoc when libxml2 is used in recover mode, enabling DoS via a crafted XML document. Connected IBM advisories confirm libxml2 is vulnerable in multiple IBM products (CMM, IMM2, Chassis/Streams/Cognos) and specify remediation via fi...

4.7CVSS5.5AI score0.0263EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.158 views

CVE-2017-9049

CVE-2017-9049 affects libxml2 prior to a fix released after 2.9.4. It describes a heap-based buffer over-read in xmlDictComputeFastKey within dict.c, which can cause programs using libxml2 (e.g., PHP) to crash. The vulnerability arises from an incomplete fix (Bug 759398). Public references show t...

7.5CVSS7.4AI score0.04626EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.150 views

CVE-2017-9048

CVE-2017-9048 affects libxml2. The vulnerability is a stack-based buffer overflow in the function xmlSnprintfElementContent (valid.c): when recursively dumping element content, the code may strcat two characters after computing the current length without ensuring the buffer has space, allowing a ...

7.5CVSS6.8AI score0.04888EPSS