CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-14567 – libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
https://notcve.org/view.php?id=CVE-2018-14567
15 Aug 2018 — libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. libxml2 2.9.8, si se emplea --with-lzma, permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo XML manipulado que desencadena LZMA_MEMLIMIT_ERROR, tal y como queda demostrado por xmllint. Esta vulnerabili... • http://www.securityfocus.com/bid/105198 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 22%CPEs: 6EXPL: 0CVE-2018-14404 – libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c
https://notcve.org/view.php?id=CVE-2018-14404
19 Jul 2018 — A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. Existe una vulnerabilidad de desreferencia de puntero NULL en la función xpath.c:xmlXPathCompOpEval() de libxml2 hasta la versión 2.9.8 al an... • https://access.redhat.com/errata/RHSA-2019:1543 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2018-9251 – libxml2: infinite loop in xz_decomp function in xzlib.c
https://notcve.org/view.php?id=CVE-2018-9251
04 Apr 2018 — The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. La función xz_decomp en xzlib.c en libxml2 2.9.8, si se emplea --with-lzma, permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo XML manipulado que desencadena LZMA_MEMLIMIT_ERROR, tal... • https://bugzilla.gnome.org/show_bug.cgi?id=794914 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •