
CVE-2017-9050 – libxml2: Heap-based buffer over-read in function xmlDictAddString
https://notcve.org/view.php?id=CVE-2017-9050
18 May 2017 — libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. • http://www.debian.org/security/2017/dsa-3952 • CWE-125: Out-of-bounds Read •

CVE-2017-9047 – libxml2: Buffer overflow in function xmlSnprintfElementContent
https://notcve.org/view.php?id=CVE-2017-9047
18 May 2017 — A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits al... • http://www.debian.org/security/2017/dsa-3952 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2017-8872 – Ubuntu Security Notice USN-4991-1
https://notcve.org/view.php?id=CVE-2017-8872
10 May 2017 — The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or po... • https://bugzilla.gnome.org/show_bug.cgi?id=775200 • CWE-125: Out-of-bounds Read •

CVE-2017-5969 – Gentoo Linux Security Advisory 201711-01
https://notcve.org/view.php?id=CVE-2017-5969
11 Apr 2017 — libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." • http://www.openwall.com/lists/oss-security/2016/11/05/3 • CWE-476: NULL Pointer Dereference •

CVE-2016-9318 – libxml2: XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2016-9318
16 Nov 2016 — libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. • http://www.securityfocus.com/bid/94347 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2016-4658 – libxml2: Use after free via namespace node in XPointer ranges
https://notcve.org/view.php?id=CVE-2016-4658
20 Sep 2016 — xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
23 Jul 2016 — Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •

CVE-2016-4483 – libxml2: out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-4483
02 Jun 2016 — The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. • http://rhn.redhat.com/errata/RHSA-2016-2957.html • CWE-122: Heap-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •

CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •

CVE-2016-4449 – libxml2: Inappropriate fetch of entities content
https://notcve.org/view.php?id=CVE-2016-4449
27 May 2016 — XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. • http://jvn.jp/en/jp/JVN17535578/index.html • CWE-20: Improper Input Validation •