CVSS: 9.8EPSS: 1%CPEs: 189EXPL: 0CVE-2013-2877 – libxml2: Out-of-bounds read via a document that ends abruptly
https://notcve.org/view.php?id=CVE-2013-2877
10 Jul 2013 — parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. parser.c en libxml2 anterior a 2.9.0 utilizada en Google Chrome anterior a 28.0.1500.71 y otros productos, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de un documento que finaliza de... • ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 134EXPL: 0CVE-2013-0338 – libxml2: CPU consumption DoS when performing string substitutions during entities expansion
https://notcve.org/view.php?id=CVE-2013-0338
25 Apr 2013 — libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. libxml2 v2.9.0 y anteriores permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de memoria y CPU) a través de un archivo XML que contiene una declaración de la entidad con el nuevo texto ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 226EXPL: 0CVE-2012-5134 – libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
https://notcve.org/view.php?id=CVE-2012-5134
28 Nov 2012 — Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Desbordamiento de búfer basado en memoria dinámica en la función xmlParseAttValueComplex en parser.c en libxml2 2.9.0 y anteriores, como las usadas en Google Chrome anteriores a 23.0.1271.91,permite a atacant... • http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 101EXPL: 0CVE-2012-2871 – libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
https://notcve.org/view.php?id=CVE-2012-2871
31 Aug 2012 — libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. libxml2 v2.9.0-rc1 y anteriores, tal como se utiliza en Google Chrome antes de v21.0.1180.89, no admite correctamente un conversión de una variable no espec... • http://code.google.com/p/chromium/issues/detail?id=138673 • CWE-122: Heap-based Buffer Overflow •