Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:xmlsoft:libxml2:2.9.5:rc1:*:*:*:*:*:*
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Published: May 19, 2021; 10:15:07 AM -0400
V3.1: 8.6 HIGH
V2.0: 7.5 HIGH

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Published: May 18, 2021; 8:15:08 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Published: May 14, 2021; 4:15:16 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Published: December 24, 2019; 11:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Published: July 19, 2018; 9:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Published: April 08, 2018; 1:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM