Libxml2 Security Vulnerabilities and Issues — Libxml2 CVE List

Lucene search

XmlsoftLibxml2

9 matches found

CVE•added 2017/11/23 9:29 p.m.•234 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

9.8CVSS8.9AI score0.00462EPSS

CVE•added 2017/05/18 6:29 a.m.•189 views

CVE-2017-9047

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML...

7.5CVSS7.2AI score0.03032EPSS

CVE•added 2017/11/23 9:29 p.m.•181 views

CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

7.5CVSS6.7AI score0.01584EPSS

CVE•added 2017/05/18 6:29 a.m.•179 views

CVE-2017-9050

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

7.5CVSS7.5AI score0.03399EPSS

CVE•added 2017/05/10 5:29 a.m.•159 views

CVE-2017-8872

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

9.1CVSS7.7AI score0.00267EPSS

CVE•added 2017/04/11 4:59 p.m.•140 views

CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

7.5CVSS7.2AI score0.0127EPSS

CVE•added 2017/04/11 4:59 p.m.•140 views

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

4.7CVSS5.5AI score0.01612EPSS

CVE•added 2017/05/18 6:29 a.m.•136 views

CVE-2017-9049

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

7.5CVSS7.4AI score0.00438EPSS

CVE•added 2017/05/18 6:29 a.m.•122 views

CVE-2017-9048

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more c...

7.5CVSS6.8AI score0.00575EPSS