VYPR

rpm package

opensuse/libxml2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweed

Vulnerabilities (79)

  • CVE-2017-0663HigJun 14, 2017
    affected < 2.9.12-1.2fixed 2.9.12-1.2

    A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that use

  • CVE-2017-9049HigMay 18, 2017
    affected < 2.9.12-1.2fixed 2.9.12-1.2

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 7

  • CVE-2017-9048HigMay 18, 2017
    affected < 2.9.12-1.2fixed 2.9.12-1.2

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function ma

  • CVE-2017-9047HigMay 18, 2017
    affected < 2.9.12-1.2fixed 2.9.12-1.2

    A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the cont

  • CVE-2017-5969MedApr 11, 2017
    affected < 2.9.12-1.2fixed 2.9.12-1.2

    libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recov

  • CVE-2016-4483HigApr 11, 2017
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of

  • CVE-2016-4658CriSep 25, 2016
    affected < 2.9.12-1.2fixed 2.9.12-1.2

    xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of servic

  • CVE-2016-1840HigMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c

  • CVE-2016-1839MedMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1838MedMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume

  • CVE-2016-1837MedMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial

  • CVE-2016-1836MedMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1835HigMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1834HigMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v

  • CVE-2016-1833MedMay 20, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-3705HigMay 17, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML

  • CVE-2016-3627HigMay 17, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

  • CVE-2016-1762HigMar 24, 2016
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2015-8242Dec 15, 2015
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

  • CVE-2015-7500Dec 15, 2015
    affected < 2.9.4-1.22fixed 2.9.4-1.22

    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.