Search for packages
| purl | pkg:deb/debian/libxml2@2.9.3%2Bdfsg1-1.1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2j62-5rjn-vyeu | Uncontrolled Resource Consumption dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. |
CVE-2015-8806
GHSA-7hp2-xwpj-95jq |
| VCID-51f2-w9b7-9fb4 | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
CVE-2016-1840
|
| VCID-7h3p-7ej2-17f1 | Out-of-bounds Read The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
CVE-2016-1839
|
| VCID-bk98-bfkg-7bdt | Use After Free Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document. |
CVE-2016-1836
|
| VCID-bp8r-8jjt-hygw | Improper Input Validation The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. |
CVE-2016-3705
|
| VCID-e9c3-5gws-u3fp | Use After Free Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allow remote attackers to cause a denial of service via a crafted XML document. |
CVE-2016-1837
|
| VCID-eebz-xjem-cygz | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlStrncat function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
CVE-2016-1834
|
| VCID-ked7-5tjg-nudx | Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
CVE-2016-1762
|
| VCID-r7q9-7u4b-83cz | Out-of-bounds Read The htmlCurrentChar function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
CVE-2016-1833
|
| VCID-s3j9-1zq5-zkf5 | Deserialization of Untrusted Data The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. |
CVE-2016-4483
|
| VCID-t9pa-yw9s-kqb9 | Improper Input Validation XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. |
CVE-2016-4449
|
| VCID-tazr-2qgq-77fy | Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. |
CVE-2016-4447
|
| VCID-tyk2-gq2c-bbcn | Improper Restriction of Operations within the Bounds of a Memory Buffer The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. |
CVE-2016-2073
|
| VCID-vcq9-93xd-nfbe | Out-of-bounds Read The xmlPArserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
CVE-2016-1838
|
| VCID-wj66-7n6c-9kam | security update |
CVE-2016-1835
|
| VCID-wy5v-dsp3-a7aa | Improper Input Validation The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. |
CVE-2016-3627
|