Package details: pkg:nuget/libxml2@2.9.3
purl pkg:nuget/libxml2@2.9.3
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1ynh-xcuu-aaae
Aliases:
CVE-2016-4447
Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
There are no reported fixed by versions.
VCID-e3bs-tck7-aaar
Aliases:
CVE-2016-9597
Improper Restriction of Operations within the Bounds of a Memory Buffer
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
There are no reported fixed by versions.
VCID-f7ux-h8qn-aaan
Aliases:
CVE-2016-3705
Improper Input Validation
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
There are no reported fixed by versions.
VCID-qky4-p9ky-aaan
Aliases:
CVE-2016-3627
Improper Input Validation
The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
There are no reported fixed by versions.
VCID-wf9x-r3us-aaaj
Aliases:
CVE-2016-4448
Use of Externally-Controlled Format String
Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
There are no reported fixed by versions.
VCID-zew4-4yut-aaap
Aliases:
CVE-2016-4449
Improper Input Validation
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:46:36.937155+00:00 GitLab Importer Affected by VCID-e3bs-tck7-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-9597.yml 34.0.1
2024-09-17T22:46:36.403245+00:00 GitLab Importer Affected by VCID-zew4-4yut-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4449.yml 34.0.1
2024-09-17T22:46:36.222333+00:00 GitLab Importer Affected by VCID-wf9x-r3us-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4448.yml 34.0.1
2024-09-17T22:46:35.982775+00:00 GitLab Importer Affected by VCID-f7ux-h8qn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-3705.yml 34.0.1
2024-09-17T22:46:35.894415+00:00 GitLab Importer Affected by VCID-1ynh-xcuu-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4447.yml 34.0.1
2024-09-17T22:46:35.584595+00:00 GitLab Importer Affected by VCID-qky4-p9ky-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-3627.yml 34.0.1
2024-01-03T18:07:51.090891+00:00 GitLab Importer Affected by VCID-e3bs-tck7-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-9597.yml 34.0.0rc1
2024-01-03T18:07:50.612834+00:00 GitLab Importer Affected by VCID-zew4-4yut-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4449.yml 34.0.0rc1
2024-01-03T18:07:50.455611+00:00 GitLab Importer Affected by VCID-wf9x-r3us-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4448.yml 34.0.0rc1
2024-01-03T18:07:50.224256+00:00 GitLab Importer Affected by VCID-f7ux-h8qn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-3705.yml 34.0.0rc1
2024-01-03T18:07:50.149135+00:00 GitLab Importer Affected by VCID-1ynh-xcuu-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4447.yml 34.0.0rc1
2024-01-03T18:07:49.881177+00:00 GitLab Importer Affected by VCID-qky4-p9ky-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-3627.yml 34.0.0rc1