Search CVE reports
31 – 40 of 112 results
CVE-2017-5130
Negligible prioritySome fixes available 8 of 15
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
3 affected packages
chromium-browser, libxml2, oxide-qt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | Fixed | Fixed |
libxml2 | — | — | — | Fixed | Ignored |
oxide-qt | — | — | — | Not in release | Ignored |
CVE-2017-15412
Medium prioritySome fixes available 12 of 15
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3 affected packages
chromium-browser, libxml2, oxide-qt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | Fixed | Fixed |
libxml2 | — | — | — | Fixed | Fixed |
oxide-qt | — | — | — | Not in release | Ignored |
CVE-2017-16931
Medium priorityparser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | — | Not affected |
CVE-2017-16932
Low priorityparser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | Fixed | Fixed |
CVE-2017-7013
Medium priorityAn issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is...
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | — | Not affected |
CVE-2017-7010
Medium priorityAn issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is...
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | — | Not affected |
CVE-2017-7376
Medium prioritySome fixes available 3 of 4
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | — | Fixed |
CVE-2017-7375
Medium prioritySome fixes available 3 of 4
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the...
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | — | Fixed |
CVE-2017-0663
Medium prioritySome fixes available 3 of 7
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility...
2 affected packages
android, libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | — | — | — | Not in release | Ignored |
libxml2 | — | — | — | Not affected | Fixed |
CVE-2017-9050
Medium prioritySome fixes available 3 of 4
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists...
1 affected package
libxml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml2 | — | — | — | — | Fixed |