Vulnerabilities > Xmlsoft > Libxml2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-19 | CVE-2017-7375 | XXE vulnerability in multiple products A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). | 9.8 |
| 2018-02-07 | CVE-2017-5130 | Out-of-bounds Write vulnerability in multiple products An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | 8.8 |
| 2017-11-23 | CVE-2017-16932 | Infinite Loop vulnerability in Xmlsoft Libxml2 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. | 7.5 |
| 2017-11-23 | CVE-2017-16931 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. | 9.8 |
| 2017-05-18 | CVE-2017-9050 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. | 7.5 |
| 2017-05-18 | CVE-2017-9049 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. | 7.5 |
| 2017-05-18 | CVE-2017-9048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. | 7.5 |
| 2017-05-18 | CVE-2017-9047 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. | 7.5 |
| 2017-05-10 | CVE-2017-8872 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | 9.1 |
| 2017-04-11 | CVE-2017-5969 | NULL Pointer Dereference vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. | 4.7 |