|
2010-12-07
|
CVE-2010-4494 |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. |
Openoffice,
Iphone_os,
Itunes,
Mac_os_x,
Safari,
Debian_linux,
Fedora,
Chrome,
Insight_control_server_deployment,
Rapid_deployment_pack,
Opensuse,
Enterprise_linux_desktop,
Enterprise_linux_eus,
Enterprise_linux_server,
Enterprise_linux_workstation,
Suse_linux_enterprise_server,
Libxml2
|
N/A
|
|
|
2020-01-21
|
CVE-2020-7595 |
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. |
Libxml2
|
N/A
|
|
|
2020-01-21
|
CVE-2019-20388 |
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. |
Libxml2
|
N/A
|
|
|
2019-12-24
|
CVE-2019-19956 |
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. |
Debian_linux,
Libxml2
|
N/A
|
|
|
2010-11-17
|
CVE-2010-4008 |
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. |
Openoffice,
Iphone_os,
Itunes,
Mac_os_x,
Safari,
Ubuntu_linux,
Debian_linux,
Chrome,
Opensuse,
Enterprise_linux_desktop,
Enterprise_linux_server,
Enterprise_linux_server_eus,
Enterprise_linux_workstation,
Suse_linux_enterprise_server,
Libxml2
|
N/A
|
|
|
2016-02-12
|
CVE-2016-2073 |
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. |
Ubuntu_linux,
Debian_linux,
Libxml2
|
N/A
|
|
|
2016-04-11
|
CVE-2015-8710 |
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. |
Debian_linux,
Libxml2
|
N/A
|
|
|
2016-06-09
|
CVE-2016-4448 |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
Icloud,
Iphone_os,
Itunes,
Mac_os_x,
Tvos,
Watchos,
Icewall_federation_agent,
Web_gateway,
Linux,
Vm_server,
Enterprise_linux_desktop,
Enterprise_linux_server,
Enterprise_linux_server_aus,
Enterprise_linux_server_eus,
Enterprise_linux_server_tus,
Enterprise_linux_workstation,
Slackware_linux,
Log_correlation_engine,
Libxml2
|
N/A
|
|
|
2018-07-30
|
CVE-2016-9597 |
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. |
Ubuntu_linux,
Debian_linux,
Icewall_federation_agent,
Icewall_file_manager,
Leap,
Libxml2
|
7.5
|
|
|
2018-04-08
|
CVE-2017-18258 |
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. |
Libxml2
|
6.5
|
|