Filtered by vendor Xmlsoft
Subscriptions
Total
129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9047 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-04-20 | N/A |
| A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. | ||||
| CVE-2017-8872 | 1 Xmlsoft | 1 Libxml2 | 2025-04-20 | N/A |
| The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | ||||
| CVE-2017-16931 | 1 Xmlsoft | 1 Libxml2 | 2025-04-20 | N/A |
| parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. | ||||
| CVE-2017-9049 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-04-20 | N/A |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. | ||||
| CVE-2017-5029 | 7 Apple, Debian, Google and 4 more | 11 Macos, Debian Linux, Android and 8 more | 2025-04-20 | 8.8 High |
| The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||||
| CVE-2016-4608 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2025-04-12 | 9.8 Critical |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | ||||
| CVE-2015-8242 | 5 Apple, Canonical, Hp and 2 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2025-04-12 | N/A |
| The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | ||||
| CVE-2016-3705 | 6 Canonical, Debian, Hp and 3 more | 8 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 5 more | 2025-04-12 | N/A |
| The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. | ||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 22 Icloud, Iphone Os, Itunes and 19 more | 2025-04-12 | 9.8 Critical |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||||
| CVE-2016-4449 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | ||||
| CVE-2015-6838 | 3 Php, Redhat, Xmlsoft | 3 Php, Rhel Software Collections, Libxml2 | 2025-04-12 | N/A |
| The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | ||||
| CVE-2016-2073 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2025-04-12 | 6.5 Medium |
| The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. | ||||
| CVE-2015-8035 | 5 Apple, Canonical, Debian and 2 more | 10 Iphone Os, Mac Os X, Tvos and 7 more | 2025-04-12 | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | ||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 17 Iphone Os, Mac Os X, Safari and 14 more | 2025-04-12 | N/A |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||||
| CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 17 Iphone Os, Mac Os X, Tvos and 14 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | ||||
| CVE-2015-8806 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2025-04-12 | 7.5 High |
| dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | ||||
| CVE-2015-6837 | 3 Php, Redhat, Xmlsoft | 3 Php, Rhel Software Collections, Libxml2 | 2025-04-12 | N/A |
| The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. | ||||
| CVE-2015-7995 | 2 Apple, Xmlsoft | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2025-04-12 | N/A |
| The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | ||||
| CVE-2014-3660 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
| parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | ||||
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more | 2025-04-12 | N/A |
| The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | ||||