Lucene search
K

11 matches found

CVE
CVE
added 2018/07/19 1:0 p.m.331 views

CVE-2018-14404

The CVE-2018-14404 entry affects libxml2 (up to 2.9.8). It describes a NULL pointer dereference in xpath.c:xmlXPathCompOpEval() when parsing an invalid XPath expression in the XPATH_OP_AND/OR case, potentially causing a denial-of-service crash for applications processing untrusted XSL inputs. Pub...

7.5CVSS6.3AI score0.03681EPSS
CVE
CVE
added 2018/02/07 11:0 p.m.318 views

CVE-2017-5130

CVE-2017-5130 describes an integer overflow in libxml2’s xmlmemory.c that could enable a remote attacker to cause heap corruption via a crafted XML file. The vulnerability affects libxml2 up to version before 2.9.5 and has been observed in products such as Google Chrome (prior to 62.0.3202.62) an...

8.8CVSS6.6AI score0.02765EPSS
CVE
CVE
added 2018/08/28 7:0 p.m.306 views

CVE-2017-15412

CVE-2017-15412 is a use-after-free in libxml2 (affected before 2.9.5) used by Chrome and other products, potentially enabling heap corruption via crafted HTML. Connected advisories also reference CVE-2018-14404 (NULL pointer dereference in xmlXPathCompOpEval) affecting libxml2 up to 2.9.8 during ...

8.8CVSS7AI score0.02963EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.257 views

CVE-2018-14567

CVE-2018-14567: libxml2 2.9.8 with LZMA support is vulnerable to denial of service via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR (infinite loop). Exploitation vector is a crafted XML payload; affected component is libxml2/xz decompression path when built with --with-lzma. Several vendo...

6.5CVSS6.7AI score0.043EPSS
CVE
CVE
added 2018/04/04 2:0 a.m.255 views

CVE-2018-9251

CVE-2018-9251 affects libxml2

5.3CVSS6.6AI score0.0244EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.205 views

CVE-2017-7376

CVE-2017-7376 is described in the connected IBM bulletin as a buffer overflow in libxml2 that allows remote code execution by exploiting an incorrect limit for port values when handling redirects. The provided documents confirm the existence of this vulnerability and its impact on libxml2, but do...

10CVSS8.1AI score0.23694EPSS
CVE
CVE
added 2018/04/08 5:0 p.m.198 views

CVE-2017-18258

The CVE-2017-18258 entry affects libxml2: the xz_head function in xzlib.c (pre-2.9.6) allows remote attackers to cause a denial of service via crafted LZMA files by not restricting memory usage to a legitimate file. Impact is memory consumption/DoS; no exploit details are provided in the initial ...

6.5CVSS5.9AI score0.02706EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.155 views

CVE-2017-7375

CVE-2017-7375 describes a flaw in the libxml2 parser that allows remote XML entity inclusion when default parser flags are used (no substitution/validation/DTD loading). This XXE can cause access to local files or remote resources (HTTP/FTP) depending on context, potentially expanding the attacke...

9.8CVSS6.9AI score0.0264EPSS
CVE
CVE
added 2018/07/30 2:0 p.m.111 views

CVE-2016-9597

CVE-2016-9597 is a regression for CVE-2016-3705 where Red Hat/JBoss RHSA-2016:2957 did not include the fix for libxml2, leaving a denial-of-service risk via a stack overflow. The connected records confirm libxml2 as the affected library and document multiple publisher advisories (RHSA-2016:1292, ...

7.5CVSS7AI score0.05103EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.89 views

CVE-2016-9598

CVE-2016-9598 affects libxml2 as used in Red Hat JBoss Core Services. The vulnerability is a denial-of-service due to an out-of-bounds read in libxml2 triggered by a specially crafted XML document, which can crash the application. Note that this issue exists because of a missing fix for CVE-2016-...

6.5CVSS7.1AI score0.01235EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.73 views

CVE-2016-9596

CVE-2016-9596 is a libxml2-based denial-of-service issue observed in Red Hat JBoss Core Services, triggered by a crafted XML document while in recovery mode. The linked CNVD entry corroborates a DoS via a crafted XML document, noting a stack-related impact (stack corruption/DoS) and that it arise...

6.5CVSS7.2AI score0.01076EPSS