Vulnerabilities > Xmlsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-18 | CVE-2017-9047 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. | 7.5 |
| 2017-04-24 | CVE-2017-5029 | Out-of-bounds Write vulnerability in multiple products The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2017-04-11 | CVE-2016-4483 | Deserialization of Untrusted Data vulnerability in multiple products The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. | 7.5 |
| 2016-07-23 | CVE-2016-5131 | Use After Free vulnerability in multiple products Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | 8.8 |
| 2016-06-09 | CVE-2016-4447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | 7.5 |
| 2016-06-05 | CVE-2016-1684 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. | 7.5 |
| 2016-06-05 | CVE-2016-1683 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. | 7.5 |
| 2016-05-17 | CVE-2016-3705 | Improper Input Validation vulnerability in multiple products The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. | 7.5 |
| 2016-05-17 | CVE-2016-3627 | Uncontrolled Recursion vulnerability in multiple products The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | 7.5 |
| 2016-05-16 | CVE-2015-6838 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | 7.5 |