Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Max CVSS
9.3
EPSS Score
0.78%
Published
2011-09-02
Updated
2016-06-17
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
Max CVSS
4.3
EPSS Score
0.23%
Published
2009-08-11
Updated
2023-02-13
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Max CVSS
10.0
EPSS Score
1.86%
Published
2008-11-25
Updated
2017-09-29
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Max CVSS
7.8
EPSS Score
1.26%
Published
2008-11-25
Updated
2017-09-29
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
Max CVSS
7.5
EPSS Score
67.69%
Published
2004-03-15
Updated
2017-10-11
5 vulnerabilities found