VYPR
Medium severity6.5NVD Advisory· Published Jul 19, 2018· Updated Jun 17, 2026

CVE-2018-14404

CVE-2018-14404

Description

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nokogiriRubyGems
< 1.8.51.8.5

Affected products

22

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.