Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xmlsoft xmllint vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4409
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent malicious users to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML doc...
Xmlsoft Libxml2 2.7.1
Xmlsoft Libxml2 2.7.0
1 EDB exploit
7.8
CVSSv3
CVE-2021-3516
There's a flaw in libxml2's xmllint in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Xmlsoft Xmllint
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Oracle Zfs Storage Appliance Kit 8.8
4.7
CVSSv3
CVE-2017-5969
libxml2 2.9.4, when used in recover mode, allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for ma...
Xmlsoft Libxml2 2.9.4
2 Github repositories
5.3
CVSSv3
CVE-2018-9251
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote malicious users to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-803...
Xmlsoft Libxml2 2.9.8
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2017-16931
parser.c in libxml2 prior to 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Xmlsoft Libxml2
6.5
CVSSv3
CVE-2017-18258
The xz_head function in xzlib.c in libxml2 prior to 2.9.6 allows remote malicious users to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Xmlsoft Libxml2
6.5
CVSSv3
CVE-2023-28484
In libxml2 prior to 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2023-29469
An issue exists in libxml2 prior to 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an...
Xmlsoft Libxml2
Debian Debian Linux 10.0
1 Github repository
6.5
CVSSv3
CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote malicious users to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Xmlsoft Libxml2 2.9.8
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2018-14404
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 up to and including 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of ...
Canonical Ubuntu Linux 12.04
Debian Debian Linux -
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Xmlsoft Libxml2
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »