CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2018-14404 – libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c
https://notcve.org/view.php?id=CVE-2018-14404
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. Existe una vulnerabilidad de desreferencia de puntero NULL en la función xpath.c:xmlXPathCompOpEval() de libxml2 hasta la versión 2.9.8 al analizar una expresión XPath inválida en los casos XPATH_OP_AND o XPATH_OP_OR. Las aplicaciones que procesan entradas de formato XLS no fiables mediante la biblioteca libxml2 podrían ser vulnerables a un ataque de denegación de servicio (DoS) debido al cierre inesperado de la aplicación. A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. • https://access.redhat.com/errata/RHSA-2019:1543 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 https://gitlab.gnome.org/GNOME/libxml2/issues/10 https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://security.netapp.com/advisory/ntap-20190719-0002 https://usn.ubuntu.com/3739-1 https://usn.ubuntu.com/3739-2 https://acc • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-18258 – libxml2: Unrestricted memory usage in xz_head() function in xzlib.c
https://notcve.org/view.php?id=CVE-2017-18258
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. La función xz_head en xzlib.c en libxml2, en versiones anteriores a la 2.9.6, permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria) mediante un archivo LZMA. Esto se dene a que la funcionalidad de descifrado no restringe el uso de memoria a lo que se requiere para un archivo legítimo. • https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb https://kc.mcafee.com/corporate/index?page=content&id=SB10284 https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://security.netapp.com/advisory/ntap-20190719-0001 https://usn.ubuntu.com/3739-1 https://access.redhat.com/security/cve/CVE-2017-18258 https://bugzilla.redhat.com/show_bug.cgi?id=1566749 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2017-15412 – libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
https://notcve.org/view.php?id=CVE-2017-15412
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en libxml2 en versiones anteriores a la 2.9.5, tal y como se emplea en Google Chrome en versiones anteriores a la 63.0.3239.84 y otros productos, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. • http://www.securitytracker.com/id/1040348 https://access.redhat.com/errata/RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2018:0287 https://bugzilla.gnome.org/show_bug.cgi?id=783160 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/727039 https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2018/dsa-4086 https://access.redhat. • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16931
https://notcve.org/view.php?id=CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. parser.c en libxml2 en versiones anteriores a la 2.9.5 gestiona de manera incorrecta las referencias de entidades de parámetro debido a que la macro NEXTL llama a la función xmlParserHandlePEReference en caso de que haya un carácter "%" en un nombre DTD. • http://xmlsoft.org/news.html https://bugzilla.gnome.org/show_bug.cgi?id=766956 https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html https://www.oracle.com//security-alerts/cpujul2021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-16932
https://notcve.org/view.php?id=CVE-2017-16932
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. parser.c en libxml2 en versiones anteriores a la 2.9.5 no evita la recursión infinita en las entidades de parámetro. • http://xmlsoft.org/news.html https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html https://bugzilla.gnome.org/show_bug.cgi?id=759579 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2017/11&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •