Libyaml
by YAML
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9130 | 0.05 | — | 0.58 | Dec 8, 2014 | scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. | |||
| CVE-2014-2525 | 0.05 | — | 0.54 | Mar 28, 2014 | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. | |||
| CVE-2013-6393 | 0.01 | — | 0.08 | Feb 6, 2014 | The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a… | |||
| CVE-2025-40908 | 0.00 | — | 0.00 | Jun 1, 2025 | YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified |
- CVE-2014-9130Dec 8, 2014risk 0.05cvss —epss 0.58
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
- CVE-2014-2525Mar 28, 2014risk 0.05cvss —epss 0.54
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
- CVE-2013-6393Feb 6, 2014risk 0.01cvss —epss 0.08
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a…
- CVE-2025-40908Jun 1, 2025risk 0.00cvss —epss 0.00
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified