CVE-2017-15412 – libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
https://notcve.org/view.php?id=CVE-2017-15412
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en libxml2 en versiones anteriores a la 2.9.5, tal y como se emplea en Google Chrome en versiones anteriores a la 63.0.3239.84 y otros productos, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. • http://www.securitytracker.com/id/1040348 https://access.redhat.com/errata/RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2018:0287 https://bugzilla.gnome.org/show_bug.cgi?id=783160 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/727039 https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2018/dsa-4086 https://access.redhat. • CWE-416: Use After Free •
CVE-2017-16932
https://notcve.org/view.php?id=CVE-2017-16932
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. parser.c en libxml2 en versiones anteriores a la 2.9.5 no evita la recursión infinita en las entidades de parámetro. • http://xmlsoft.org/news.html https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html https://bugzilla.gnome.org/show_bug.cgi?id=759579 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2017/11 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-16931
https://notcve.org/view.php?id=CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. parser.c en libxml2 en versiones anteriores a la 2.9.5 gestiona de manera incorrecta las referencias de entidades de parámetro debido a que la macro NEXTL llama a la función xmlParserHandlePEReference en caso de que haya un carácter "%" en un nombre DTD. • http://xmlsoft.org/news.html https://bugzilla.gnome.org/show_bug.cgi?id=766956 https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html https://www.oracle.com//security-alerts/cpujul2021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-5130 – chromium-browser: heap overflow in libxml2
https://notcve.org/view.php?id=CVE-2017-5130
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. Un desbordamiento de enteros en xmlmemory.c en versiones anteriores a la 2.9.5 de libxml2, tal y como se emplea en Google Chrome, en versiones anteriores a la 62.0.3202.62 y en otros productos, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante un archivo XML manipulado. A heap overflow flaw was found in the libxml2 library. An application compiled with libxml2 using the vulnerable debug-only function xmlMemoryStrdup could be used by an attacker to crash the application or execute arbitrary code with the permission of the user running the application. • http://bugzilla.gnome.org/show_bug.cgi?id=783026 http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/722079 https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://security.gentoo. • CWE-787: Out-of-bounds Write •
CVE-2017-7376
https://notcve.org/view.php?id=CVE-2017-7376
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. Desbordamiento de búfer en libxml2 permite que atacantes remotos ejecuten código arbitrario aprovechando un límite incorrecto para los valores del puerto cuando se gestionan las redirecciones. • http://www.securityfocus.com/bid/98877 http://www.securitytracker.com/id/1038623 https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4 https://bugzilla.redhat.com/show_bug.cgi?id=1462216 https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e https://source.android.com/security/bulletin/2017-06-01 https://www.debian.org/security/2017/dsa-3952 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •