Vulnerabilities > Xmlsoft

DATE CVE VULNERABILITY TITLE RISK
2020-09-04 CVE-2020-24977 Out-Of-Bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.4
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in Xmlsoft Libxml2 2.9.10
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
network
low complexity
xmlsoft CWE-835
5.0
2020-01-21 CVE-2019-20388 Improper Resource Shutdown OR Release vulnerability in Xmlsoft Libxml2 2.9.10
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
network
low complexity
xmlsoft CWE-404
5.0
2019-12-24 CVE-2019-19956 Missing Release of Resource After Effective Lifetime vulnerability in multiple products
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
network
low complexity
xmlsoft debian CWE-772
5.0
2019-12-11 CVE-2019-5815 Type Confusion vulnerability in Xmlsoft Libxslt
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
network
low complexity
xmlsoft CWE-843
5.0
2019-10-18 CVE-2019-18197 USE After Free vulnerability in multiple products
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances.
network
high complexity
xmlsoft canonical debian CWE-416
5.1
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in Xmlsoft Libxslt 1.1.33
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
network
low complexity
xmlsoft CWE-843
5.0
2019-07-01 CVE-2019-13117 USE of Uninitialized Resource vulnerability in Xmlsoft Libxslt 1.1.33
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers.
network
low complexity
xmlsoft CWE-908
5.0
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian
7.5
2018-08-28 CVE-2017-15412 USE After Free vulnerability in multiple products
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8