CVE-2017-18258 – libxml2: Unrestricted memory usage in xz_head() function in xzlib.c
https://notcve.org/view.php?id=CVE-2017-18258
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. La función xz_head en xzlib.c en libxml2, en versiones anteriores a la 2.9.6, permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria) mediante un archivo LZMA. Esto se dene a que la funcionalidad de descifrado no restringe el uso de memoria a lo que se requiere para un archivo legítimo. • https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb https://kc.mcafee.com/corporate/index?page=content&id=SB10284 https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://security.netapp.com/advisory/ntap-20190719-0001 https://usn.ubuntu.com/3739-1 https://access.redhat.com/security/cve/CVE-2017-18258 https://bugzilla.redhat.com/show_bug.cgi?id=1566749 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2017-15412 – libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
https://notcve.org/view.php?id=CVE-2017-15412
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en libxml2 en versiones anteriores a la 2.9.5, tal y como se emplea en Google Chrome en versiones anteriores a la 63.0.3239.84 y otros productos, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. • http://www.securitytracker.com/id/1040348 https://access.redhat.com/errata/RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2018:0287 https://bugzilla.gnome.org/show_bug.cgi?id=783160 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/727039 https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2018/dsa-4086 https://access.redhat. • CWE-416: Use After Free •
CVE-2017-16932
https://notcve.org/view.php?id=CVE-2017-16932
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. parser.c en libxml2 en versiones anteriores a la 2.9.5 no evita la recursión infinita en las entidades de parámetro. • http://xmlsoft.org/news.html https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html https://bugzilla.gnome.org/show_bug.cgi?id=759579 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2017/11 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-16931
https://notcve.org/view.php?id=CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. parser.c en libxml2 en versiones anteriores a la 2.9.5 gestiona de manera incorrecta las referencias de entidades de parámetro debido a que la macro NEXTL llama a la función xmlParserHandlePEReference en caso de que haya un carácter "%" en un nombre DTD. • http://xmlsoft.org/news.html https://bugzilla.gnome.org/show_bug.cgi?id=766956 https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html https://www.oracle.com//security-alerts/cpujul2021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-5130 – chromium-browser: heap overflow in libxml2
https://notcve.org/view.php?id=CVE-2017-5130
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. Un desbordamiento de enteros en xmlmemory.c en versiones anteriores a la 2.9.5 de libxml2, tal y como se emplea en Google Chrome, en versiones anteriores a la 62.0.3202.62 y en otros productos, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante un archivo XML manipulado. A heap overflow flaw was found in the libxml2 library. An application compiled with libxml2 using the vulnerable debug-only function xmlMemoryStrdup could be used by an attacker to crash the application or execute arbitrary code with the permission of the user running the application. • http://bugzilla.gnome.org/show_bug.cgi?id=783026 http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/722079 https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://security.gentoo. • CWE-787: Out-of-bounds Write •