Search CVE reports


Toggle filters

31 – 40 of 113 results


CVE-2018-9251

Medium priority
Not affected

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint,...

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Not affected
Show less packages

CVE-2017-5130

Negligible priority

Some fixes available 8 of 15

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

3 affected packages

chromium-browser, libxml2, oxide-qt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Fixed Fixed
libxml2 Fixed Ignored
oxide-qt Not in release Ignored
Show less packages

CVE-2017-15412

Medium priority

Some fixes available 12 of 15

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

3 affected packages

chromium-browser, libxml2, oxide-qt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Fixed Fixed
libxml2 Fixed Fixed
oxide-qt Not in release Ignored
Show less packages

CVE-2017-16931

Medium priority
Not affected

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Not affected
Show less packages

CVE-2017-16932

Low priority
Fixed

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Fixed Fixed
Show less packages

CVE-2017-7013

Medium priority
Ignored

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is...

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Not affected
Show less packages

CVE-2017-7010

Medium priority
Ignored

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is...

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Not affected
Show less packages

CVE-2017-7376

Medium priority

Some fixes available 3 of 4

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Fixed
Show less packages

CVE-2017-7375

Medium priority

Some fixes available 3 of 4

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the...

1 affected package

libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Fixed
Show less packages

CVE-2017-0663

Medium priority

Some fixes available 3 of 7

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility...

2 affected packages

android, libxml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
android Not in release Ignored
libxml2 Not affected Fixed
Show less packages