The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of libxml

computer vulnerability announcement CVE-2018-14567

libxml2: infinite loop via LZMA Decompression

Synthesis of the vulnerability

An attacker can generate an infinite loop via LZMA Decompression of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/08/2018.
Identifiers: 794914, CVE-2018-14567, DLA-1524-1, openSUSE-SU-2018:3107-1, openSUSE-SU-2018:3110-1, SUSE-SU-2018:3080-1, SUSE-SU-2018:3081-1, USN-3739-1, USN-3739-2, VIGILANCE-VUL-27037.


vulnerability announcement CVE-2018-14404

libxml2: NULL pointer dereference via xpath.c:xmlXPathCompOpEval()

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via xpath.c:xmlXPathCompOpEval() of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, openSUSE Leap, Solaris, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/07/2018.
Identifiers: 901817, bulletinapr2019, CVE-2018-14404, DLA-1524-1, openSUSE-SU-2018:3107-1, openSUSE-SU-2018:3110-1, openSUSE-SU-2019:0185-1, SSB-439005, SUSE-SU-2018:3080-1, SUSE-SU-2018:3081-1, SUSE-SU-2019:0272-1, SUSE-SU-2019:13985-1, USN-3739-1, USN-3739-2, VIGILANCE-VUL-26812.


computer vulnerability bulletin CVE-2017-18258

libxml2: denial of service via xz_head

Synthesis of the vulnerability

An attacker can generate a fatal error via xz_head() of libxml2, in order to trigger a denial of service.
Impacted products: Debian, Junos OS, libxml, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/04/2018.
Identifiers: bulletinapr2019, CERTFR-2018-AVI-288, CVE-2017-18258, DLA-1524-1, JSA10916, openSUSE-SU-2018:3107-1, SUSE-SU-2018:3081-1, TNS-2018-08, USN-3739-1, USN-3739-2, VIGILANCE-VUL-25798.


vulnerability alert CVE-2018-9251

libxml2: infinite loop via xz_decomp

Synthesis of the vulnerability

An attacker can generate an infinite loop via xz_decomp() of libxml2, in order to trigger a denial of service.
Impacted products: Debian, Junos OS, libxml, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Nessus.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/04/2018.
Identifiers: 794914, CERTFR-2018-AVI-288, CVE-2018-9251, DLA-1524-1, JSA10916, openSUSE-SU-2018:3107-1, openSUSE-SU-2018:3110-1, SUSE-SU-2018:3080-1, SUSE-SU-2018:3081-1, TNS-2018-08, VIGILANCE-VUL-25771.


vulnerability announcement CVE-2017-15412

libxml2: use after free via xmlXPathCompOpEvalPositionalPredicate

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via xmlXPathCompOpEvalPositionalPredicate() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, libxml, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/12/2017.
Identifiers: CVE-2017-15412, DLA-1211-1, DSA-4064-1, DSA-4086-1, FEDORA-2017-c2645aa935, FEDORA-2017-ea44f172e3, FEDORA-2018-faff5f661e, openSUSE-SU-2017:3244-1, openSUSE-SU-2017:3245-1, openSUSE-SU-2018:0418-1, RHSA-2017:3401-01, USN-3513-1, USN-3513-2, VIGILANCE-VUL-24762.


computer vulnerability bulletin CVE-2017-16932

libxml2: infinite loop via parser.c

Synthesis of the vulnerability

An attacker can generate an infinite loop via parser.c of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, Nessus, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/11/2017.
Identifiers: CERTFR-2018-AVI-288, CVE-2017-16932, DLA-1194-1, TNS-2018-08, USN-3504-1, USN-3504-2, VIGILANCE-VUL-24528.


computer vulnerability announcement CVE-2017-16931

libxml2: denial of service via Parameter-entity References

Synthesis of the vulnerability

An attacker can generate a fatal error via Parameter-entity References of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, Nessus.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/11/2017.
Identifiers: CERTFR-2018-AVI-288, CVE-2017-16931, DLA-1194-1, TNS-2018-08, VIGILANCE-VUL-24527.


computer vulnerability announcement 23727

libxml2: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxml2.
Impacted products: libxml, Slackware, VxWorks.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 05/09/2017.
Identifiers: K-511315, SSA:2017-266-01, VIGILANCE-VUL-23727.


computer vulnerability alert CVE-2017-9050

libxml2: buffer overflow via xmlDictAddString

Synthesis of the vulnerability

An attacker can generate a buffer overflow via xmlDictAddString() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, libxml, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/05/2017.
Identifiers: 781361, CERTFR-2018-AVI-288, CVE-2017-9050, DLA-1008-1, DSA-3952-1, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:1510-1, openSUSE-SU-2017:1612-1, SSA:2017-266-01, TNS-2018-08, USN-3424-1, USN-3424-2, VIGILANCE-VUL-22726.


computer vulnerability CVE-2017-9049

libxml2: buffer overflow via xmlDictComputeFastKey

Synthesis of the vulnerability

An attacker can generate a buffer overflow via xmlDictComputeFastKey() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, libxml, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/05/2017.
Identifiers: 781205, CERTFR-2018-AVI-288, CVE-2017-9049, DLA-1008-1, DSA-3952-1, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:1510-1, openSUSE-SU-2017:1612-1, SSA:2017-266-01, TNS-2018-08, USN-3424-1, USN-3424-2, VIGILANCE-VUL-22725.
