The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
Max CVSS
9.1
EPSS Score
0.19%
Published
2017-05-10
Updated
2020-09-10
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
Max CVSS
4.7
EPSS Score
0.38%
Published
2017-04-11
Updated
2024-03-21
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
Max CVSS
7.5
EPSS Score
0.49%
Published
2017-04-11
Updated
2021-06-29
3 vulnerabilities found