Search for packages
Package details: pkg:nuget/libxml2@1.7.0
purl pkg:nuget/libxml2@1.7.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-2vtb-bj4t-aaar
Aliases:
CVE-2013-0338
Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
2.7.8.2
Affected by 49 other vulnerabilities.
VCID-5aum-sxf4-aaaj
Aliases:
CVE-2012-5134
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
2.7.8.2
Affected by 49 other vulnerabilities.
VCID-hgux-q6sj-aaaf
Aliases:
CVE-2013-2877
Improper Restriction of Operations within the Bounds of a Memory Buffer parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
2.7.8.2
Affected by 49 other vulnerabilities.
VCID-scf9-dkby-aaap
Aliases:
CVE-2013-0339
Uncontrolled Resource Consumption libxml2 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.
2.7.8.2
Affected by 49 other vulnerabilities.
VCID-ufew-hd99-aaan
Aliases:
CVE-2012-0841
Uncontrolled Resource Consumption libxml2 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
2.7.8.2
Affected by 49 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:46:37.093794+00:00 GitLab Importer Affected by VCID-5aum-sxf4-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2012-5134.yml 34.0.1
2024-09-17T22:46:37.056328+00:00 GitLab Importer Affected by VCID-hgux-q6sj-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-2877.yml 34.0.1
2024-09-17T22:46:37.007060+00:00 GitLab Importer Affected by VCID-scf9-dkby-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-0339.yml 34.0.1
2024-09-17T22:46:35.859757+00:00 GitLab Importer Affected by VCID-ufew-hd99-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2012-0841.yml 34.0.1
2024-09-17T22:46:35.773676+00:00 GitLab Importer Affected by VCID-2vtb-bj4t-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-0338.yml 34.0.1
2024-01-03T18:07:51.233092+00:00 GitLab Importer Affected by VCID-5aum-sxf4-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2012-5134.yml 34.0.0rc1
2024-01-03T18:07:51.203583+00:00 GitLab Importer Affected by VCID-hgux-q6sj-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-2877.yml 34.0.0rc1
2024-01-03T18:07:51.160065+00:00 GitLab Importer Affected by VCID-scf9-dkby-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-0339.yml 34.0.0rc1
2024-01-03T18:07:50.118058+00:00 GitLab Importer Affected by VCID-ufew-hd99-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2012-0841.yml 34.0.0rc1
2024-01-03T18:07:50.040440+00:00 GitLab Importer Affected by VCID-2vtb-bj4t-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2013-0338.yml 34.0.0rc1