Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libxml2
(Xmlsoft)| Repositories | https://github.com/GNOME/libxml2 |
| #Vulnerabilities | 89 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-24 | CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | Debian_linux, Libxml2 | 6.5 | ||
| 2008-09-12 | CVE-2008-3529 | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | Iphone_os, Mac_os_x, Safari, Ubuntu_linux, Debian_linux, Libxml2 | N/A | ||
| 2009-08-11 | CVE-2009-2414 | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | Libxml, Libxml2 | N/A | ||
| 2012-12-21 | CVE-2012-0841 | libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. | Iphone_os, Libxml2 | N/A | ||
| 2015-12-15 | CVE-2015-7499 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 | N/A | ||
| 2015-12-15 | CVE-2015-7497 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 | N/A | ||
| 2015-12-15 | CVE-2015-7498 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 | N/A | ||
| 2015-12-15 | CVE-2015-7500 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 | N/A | ||
| 2016-05-17 | CVE-2016-3705 | The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Libxml2 | 7.5 | ||
| 2016-06-09 | CVE-2016-4448 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Icewall_federation_agent, Web_gateway, Linux, Vm_server, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Slackware_linux, Log_correlation_engine, Libxml2 | 9.8 |