Vulnerabilities (CVE)

Filtered by vendor Xmlsoft Subscribe
Total 115 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3970 3 Google, Suse, Xmlsoft 5 Chrome, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2024-02-28 4.3 MEDIUM N/A
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-1202 2 Google, Xmlsoft 2 Chrome, Libxslt 2024-02-28 4.3 MEDIUM N/A
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2011-1944 1 Xmlsoft 2 Libxml, Libxml2 2024-02-28 9.3 HIGH N/A
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
CVE-2010-4494 10 Apache, Apple, Debian and 7 more 17 Openoffice, Iphone Os, Itunes and 14 more 2024-02-28 7.5 HIGH N/A
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2008-4226 1 Xmlsoft 1 Libxml 2024-02-28 10.0 HIGH N/A
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
CVE-2008-4409 1 Xmlsoft 1 Libxml2 2024-02-28 5.0 MEDIUM N/A
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
CVE-2009-2414 1 Xmlsoft 2 Libxml, Libxml2 2024-02-28 4.3 MEDIUM N/A
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2008-3529 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Safari and 3 more 2024-02-28 10.0 HIGH N/A
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2009-2416 11 Apple, Canonical, Debian and 8 more 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2008-4225 1 Xmlsoft 1 Libxml 2024-02-28 7.8 HIGH N/A
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
CVE-2008-3281 7 Apple, Canonical, Debian and 4 more 11 Iphone Os, Safari, Ubuntu Linux and 8 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
CVE-2008-2935 1 Xmlsoft 1 Libxslt 2024-02-28 7.5 HIGH N/A
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
CVE-2004-0989 5 Redhat, Trustix, Ubuntu and 2 more 6 Fedora Core, Secure Linux, Ubuntu Linux and 3 more 2024-02-28 10.0 HIGH N/A
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
CVE-2003-1564 1 Xmlsoft 1 Libxml2 2024-02-28 9.3 HIGH 6.5 MEDIUM
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
CVE-2004-0110 2 Sgi, Xmlsoft 3 Propack, Libxml, Libxml2 2024-02-28 7.5 HIGH N/A
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.