National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:xmlsoft:libxml2:2.2.0:beta
There are 43 matching records.
Displaying matches 41 through 43.
Vuln ID Summary CVSS Severity
CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Published: September 12, 2008; 12:56:20 PM -04:00
V2: 10.0 HIGH
CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Published: August 27, 2008; 04:41:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2003-1564

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Published: December 31, 2003; 12:00:00 AM -05:00
V2: 9.3 HIGH