CVE-2017-15412

Debian Bug report logs - #883790 libxml2: CVE-2017-15412: use-after-free in xmlXPathCompOpEvalPositionalPredicate Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Dec 2017 15:24: ...

libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file ...

libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file ...

Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation For the oldstable distribution (jessie), this problem has been fixed in version 291+dfsg1-5+deb8u6 For the stable distribution (stretch), this problem ...

Synopsis Critical: chromium-browser security update Type/Severity Security Advisory: Critical Topic An update for chromium-browser is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scor ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

Synopsis Moderate: libxml2 security update Type/Severity Security Advisory: Moderate Topic An update for libxml2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

A NULL pointer dereference vulnerability exists in the xpathc:xmlXPathCompOpEval() function of libxml2 through 298 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...

A NULL pointer dereference vulnerability exists in the xpathc:xmlXPathCompOpEval() function of libxml2 through 298 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...

Use after free in libxml2 before 295, as used in Google Chrome prior to 630323984 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page ...

A use after free has been found in the libxml component of the Chromium browser before 630323984 ...