Vulnerabilities > Xmlsoft > Libxml2 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-30 | CVE-2016-9597 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. | 7.5 |
| 2018-07-19 | CVE-2018-14404 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. | 7.5 |
| 2018-02-07 | CVE-2017-5130 | Out-of-bounds Write vulnerability in multiple products An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | 8.8 |
| 2017-11-23 | CVE-2017-16932 | Infinite Loop vulnerability in Xmlsoft Libxml2 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. | 7.5 |
| 2017-05-18 | CVE-2017-9050 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. | 7.5 |
| 2017-05-18 | CVE-2017-9049 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. | 7.5 |
| 2017-05-18 | CVE-2017-9048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. | 7.5 |
| 2017-05-18 | CVE-2017-9047 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. | 7.5 |
| 2017-04-11 | CVE-2016-4483 | Deserialization of Untrusted Data vulnerability in multiple products The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. | 7.5 |
| 2016-07-23 | CVE-2016-5131 | Use After Free vulnerability in multiple products Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | 8.8 |