CVE-2016-9318 – libxml2: XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2016-9318
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. libxml2 2.9.4 y versiones anteriores, como se usa en XMLSec 1.2.23 y versiones anteriores y otros productos, no ofrece un indicador que indique directamente que el documento actual puede ser leido pero otros archivos no pueden ser abiertos, lo que facilita a atacantes remotos llevar a cabo ataques XML External Entity (XXE) a través de un documento manipulado. • http://www.securityfocus.com/bid/94347 https://bugzilla.gnome.org/show_bug.cgi?id=772726 https://github.com/lsh123/xmlsec/issues/43 https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://security.gentoo.org/glsa/201711-01 https://usn.ubuntu.com/3739-1 https://usn.ubuntu.com/3739-2 https://access.redhat.com/security/cve/CVE-2016-9318 https://bugzilla.redhat.com/show_bug.cgi?id=1395609 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-4658 – libxml2: Use after free via namespace node in XPointer ranges
https://notcve.org/view.php?id=CVE-2016-4658
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. xpointer.c en libxml2, en versiones anteriores a la 2.9.5 (tal y como se usa en Apple iOS en versiones anteriores a la 10, OS X en versiones anteriores a la 10.12, tvOS en versiones anteriores a la 10 y watchOS en versiones anteriores a la 3 y otros productos) no prohíbe los nodos de espacio de nombre en los rangos XPointer. Esto permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) mediante un documento XML manipulado. A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 http://www.securitytracker.com/id/1038623 https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la función range-to XPointer. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/m • CWE-416: Use After Free •
CVE-2016-4483 – libxml2: out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-4483
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. La función xmlBufAttrSerializeTxtContent en xmlsave.c en libxml2 permite a atacantes dependientes del contexto provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de un valor de atributo non-UTF-8, relacionado con la serialización. NOTA: esta vulnerabilidad puede ser un duplicado de CVE-2016-3627. • http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.debian.org/security/2016/dsa-3593 http://www.openwall.com/lists/oss-security/2016/05/03/8 http://www.openwall.com/lists/oss-security/2016/05/04/7 http://www.openwall.com/lists/oss-security/2016/06/07/4 http://www.openwall.com/lists/oss-security/2016/06/07/5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/90013 http://www.securitytrac • CWE-122: Heap-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •
CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.openwall.com/lists/oss-security/2016/05/25/2 http://www • CWE-134: Use of Externally-Controlled Format String •