Search for packages
| purl | pkg:nuget/libxml2@1.7.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2r5u-7wpy-4yf9
Aliases: CVE-2013-0338 |
Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. |
Affected by 48 other vulnerabilities. |
|
VCID-h6qs-dgys-afes
Aliases: CVE-2012-5134 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. |
Affected by 48 other vulnerabilities. |
|
VCID-nrut-syek-s7fg
Aliases: CVE-2013-2877 |
Improper Restriction of Operations within the Bounds of a Memory Buffer parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. |
Affected by 48 other vulnerabilities. |
|
VCID-yj1q-xst4-y7eb
Aliases: CVE-2013-0339 |
Uncontrolled Resource Consumption libxml2 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. |
Affected by 48 other vulnerabilities. |
|
VCID-yytk-k1y3-p3hp
Aliases: CVE-2012-0841 |
Uncontrolled Resource Consumption libxml2 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. |
Affected by 48 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:51.416878+00:00 | GitLab Importer | Affected by | VCID-yj1q-xst4-y7eb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-0339.yml | 38.0.0 |
| 2026-04-01T12:46:49.424554+00:00 | GitLab Importer | Affected by | VCID-nrut-syek-s7fg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-2877.yml | 38.0.0 |
| 2026-04-01T12:46:49.220145+00:00 | GitLab Importer | Affected by | VCID-2r5u-7wpy-4yf9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-0338.yml | 38.0.0 |
| 2026-04-01T12:46:47.737105+00:00 | GitLab Importer | Affected by | VCID-yytk-k1y3-p3hp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2012-0841.yml | 38.0.0 |
| 2026-04-01T12:46:47.636077+00:00 | GitLab Importer | Affected by | VCID-h6qs-dgys-afes | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2012-5134.yml | 38.0.0 |