Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxml2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-18258
The xz_head function in xzlib.c in libxml2 prior to 2.9.6 allows remote malicious users to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Xmlsoft Libxml2
2.6
CVSSv2
CVE-2018-9251
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote malicious users to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-803...
Xmlsoft Libxml2 2.9.8
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2017-7375
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surfa...
Xmlsoft Libxml2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Google Android 5.1.1
Google Android 6.0.1
Google Android 5.0.2
Google Android 7.1.1
Google Android 7.1.2
Google Android 4.4.4
Google Android 6.0
Google Android 7.0
Xmlsoft Libxml2 2.9.4
10
CVSSv2
CVE-2017-7376
Buffer overflow in libxml2 allows remote malicious users to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Xmlsoft Libxml2
Google Android 7.1.2
Google Android 6.0.1
Google Android 5.0.2
Google Android 5.1.1
Google Android 4.4.4
Google Android 7.1.1
Google Android 7.0
Google Android 6.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
6.8
CVSSv2
CVE-2017-5130
An integer overflow in xmlmemory.c in libxml2 prior to 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote malicious user to potentially exploit heap corruption via a crafted XML file.
Google Chrome
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Xmlsoft Libxml2
7.5
CVSSv2
CVE-2017-16931
parser.c in libxml2 prior to 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Xmlsoft Libxml2
5
CVSSv2
CVE-2017-16932
parser.c in libxml2 prior to 2.9.5 does not prevent infinite recursion in parameter entities.
Xmlsoft Libxml2
6.8
CVSSv2
CVE-2017-7010
An issue exists in certain Apple products. iOS prior to 10.3.3 is affected. macOS prior to 10.12.6 is affected. iCloud prior to 6.2.2 on Windows is affected. iTunes prior to 12.6.2 on Windows is affected. tvOS prior to 10.2.2 is affected. The issue involves the "libxml2"...
Apple Icloud
Apple Itunes
Apple Mac Os X
Apple Tvos
Apple Iphone Os
6.8
CVSSv2
CVE-2017-7013
An issue exists in certain Apple products. iOS prior to 10.3.3 is affected. macOS prior to 10.12.6 is affected. iCloud prior to 6.2.2 on Windows is affected. iTunes prior to 12.6.2 on Windows is affected. tvOS prior to 10.2.2 is affected. watchOS prior to 3.2.3 is affected. The i...
Apple Icloud
Apple Itunes
Apple Watchos
Apple Mac Os X
Apple Tvos
Apple Iphone Os
7.5
CVSSv2
CVE-2017-10672
Use-after-free in the XML-LibXML module up to and including 2.0129 for Perl allows remote malicious users to execute arbitrary code by controlling the arguments to a replaceChild call.
Xml-libxml Project Xml-libxml
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »