Vulnerabilities > Xmlsoft > Libxml > 1.8.17
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-11 | CVE-2009-2416 | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | 6.5 |
2005-03-01 | CVE-2004-0989 | Remote Stack Buffer Overflow vulnerability in Libxml2 Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. | 10.0 |
2004-03-15 | CVE-2004-0110 | Remote URI Parsing Buffer Overrun vulnerability in libxml2 Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | 7.5 |