Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxml2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2016-3709
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Xmlsoft Libxml2
4.3
CVSSv2
CVE-2017-18258
The xz_head function in xzlib.c in libxml2 prior to 2.9.6 allows remote malicious users to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Xmlsoft Libxml2
9.3
CVSSv2
CVE-2003-1564
libxml2, possibly prior to 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references,...
Xmlsoft Libxml2
NA
CVE-2024-25062
An issue exists in libxml2 prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Xmlsoft Libxml2
7.5
CVSSv2
CVE-2017-16931
parser.c in libxml2 prior to 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Xmlsoft Libxml2
5
CVSSv2
CVE-2017-16932
parser.c in libxml2 prior to 2.9.5 does not prevent infinite recursion in parameter entities.
Xmlsoft Libxml2
7.5
CVSSv2
CVE-2013-1969
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions...
Xmlsoft Libxml2 2.9.0
6.4
CVSSv2
CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows malicious users to cause a denial of service (buffer over-read) or information disclosure.
Xmlsoft Libxml2 2.9.4
2.6
CVSSv2
CVE-2017-5969
libxml2 2.9.4, when used in recover mode, allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for ma...
Xmlsoft Libxml2 2.9.4
2 Github repositories
NA
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 exists to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the p...
Xmlsoft Libxml2 2.11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »