The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of libxml2

vulnerability announcement CVE-2017-15412

libxml2: use after free via xmlXPathCompOpEvalPositionalPredicate

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via xmlXPathCompOpEvalPositionalPredicate() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, libxml, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/12/2017.
Identifiers: CVE-2017-15412, DLA-1211-1, DSA-4064-1, DSA-4086-1, FEDORA-2017-c2645aa935, FEDORA-2017-ea44f172e3, FEDORA-2018-faff5f661e, openSUSE-SU-2017:3244-1, openSUSE-SU-2017:3245-1, openSUSE-SU-2018:0418-1, RHSA-2017:3401-01, USN-3513-1, USN-3513-2, VIGILANCE-VUL-24762.


computer vulnerability bulletin CVE-2017-16932

libxml2: infinite loop via parser.c

Synthesis of the vulnerability

An attacker can generate an infinite loop via parser.c of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, Nessus, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/11/2017.
Identifiers: CERTFR-2018-AVI-288, CVE-2017-16932, DLA-1194-1, TNS-2018-08, USN-3504-1, USN-3504-2, VIGILANCE-VUL-24528.


computer vulnerability announcement CVE-2017-16931

libxml2: denial of service via Parameter-entity References

Synthesis of the vulnerability

An attacker can generate a fatal error via Parameter-entity References of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, Nessus.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/11/2017.
Identifiers: CERTFR-2018-AVI-288, CVE-2017-16931, DLA-1194-1, TNS-2018-08, VIGILANCE-VUL-24527.


computer vulnerability announcement 23727

libxml2: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxml2.
Impacted products: libxml, Slackware, VxWorks.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 05/09/2017.
Identifiers: K-511315, SSA:2017-266-01, VIGILANCE-VUL-23727.


computer vulnerability alert CVE-2017-9050

libxml2: buffer overflow via xmlDictAddString

Synthesis of the vulnerability

An attacker can generate a buffer overflow via xmlDictAddString() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, libxml, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/05/2017.
Identifiers: 781361, CERTFR-2018-AVI-288, CVE-2017-9050, DLA-1008-1, DSA-3952-1, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:1510-1, openSUSE-SU-2017:1612-1, SSA:2017-266-01, TNS-2018-08, USN-3424-1, USN-3424-2, VIGILANCE-VUL-22726.


computer vulnerability CVE-2017-9049

libxml2: buffer overflow via xmlDictComputeFastKey

Synthesis of the vulnerability

An attacker can generate a buffer overflow via xmlDictComputeFastKey() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, libxml, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/05/2017.
Identifiers: 781205, CERTFR-2018-AVI-288, CVE-2017-9049, DLA-1008-1, DSA-3952-1, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:1510-1, openSUSE-SU-2017:1612-1, SSA:2017-266-01, TNS-2018-08, USN-3424-1, USN-3424-2, VIGILANCE-VUL-22725.


vulnerability note CVE-2017-9048

libxml2: buffer overflow via xmlSnprintfElementContent 2

Synthesis of the vulnerability

An attacker can generate a buffer overflow via xmlSnprintfElementContent() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, libxml, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/05/2017.
Identifiers: 781701, CERTFR-2018-AVI-288, CVE-2017-9048, DLA-1008-1, DSA-3952-1, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:1510-1, openSUSE-SU-2017:1612-1, SSA:2017-266-01, TNS-2018-08, USN-3424-1, USN-3424-2, VIGILANCE-VUL-22724.


vulnerability bulletin CVE-2017-9047

libxml2: buffer overflow via xmlSnprintfElementContent 1

Synthesis of the vulnerability

An attacker can generate a buffer overflow via xmlSnprintfElementContent() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, libxml, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/05/2017.
Identifiers: 781333, CERTFR-2018-AVI-288, CVE-2017-9047, DLA-1008-1, DSA-3952-1, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:1510-1, openSUSE-SU-2017:1612-1, SSA:2017-266-01, TNS-2018-08, USN-3424-1, USN-3424-2, VIGILANCE-VUL-22723.


computer vulnerability note CVE-2017-8872

libxml2: out-of-bounds memory reading via htmlParseTryOrFinish

Synthesis of the vulnerability

An attacker can force a read at an invalid address via htmlParseTryOrFinish() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, libxml, openSUSE Leap, Slackware, Nessus.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/05/2017.
Identifiers: 775200, CERTFR-2018-AVI-288, CVE-2017-8872, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, openSUSE-SU-2017:2190-1, SSA:2017-266-01, TNS-2018-08, VIGILANCE-VUL-22709.


vulnerability note CVE-2016-9318

libxml2: external XML entity injection via xmlNewEntityInputStream

Synthesis of the vulnerability

An attacker can transmit malicious XML data to libxml2, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Fedora, libxml, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 16/11/2016.
Identifiers: 772726, CERTFR-2018-AVI-288, CVE-2016-9318, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, openSUSE-SU-2017:0446-1, SSA:2017-266-01, SUSE-SU-2019:13985-1, TNS-2018-08, USN-3739-1, USN-3739-2, VIGILANCE-VUL-21134.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data from the indicated file. When the program processes XML data from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled when processing XML data from an untrusted source.

However, the libxml2 parser allows external entities.

An attacker can therefore transmit malicious XML data to libxml2, in order to read a file, scan sites, or trigger a denial of service.
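
One way to enforce the rule above in front of a libxml2-based consumer is to reject any document that declares an external resource before it reaches the parser. The following is an added example, not code from Vigil@nce or from libxml2; it uses Python's standard expat bindings, and the function and constant names are hypothetical.

```python
import xml.parsers.expat

def find_external_references(xml_bytes):
    """List every external DTD subset or external entity that xml_bytes declares.

    Only declarations are inspected: expat's defaults never open the
    referenced file or URL, so running this check fetches nothing.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE doc SYSTEM "..."> pulls in an external DTD subset.
        if system_id is not None or public_id is not None:
            findings.append(("external-dtd", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones have none.
        if value is None:
            kind = "parameter-entity" if is_param else "general-entity"
            findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as err:
        # Fail closed: input the checker cannot parse is not forwarded.
        findings.append(("parse-error", None, str(err)))
    return findings

def is_safe_to_forward(xml_bytes):
    """True only when the document declares no external resource at all."""
    return not find_external_references(xml_bytes)

# Constructed samples using the two declaration forms shown in the bulletin.
LOCAL_FILE = b'<!DOCTYPE doc [<!ENTITY name SYSTEM "file">]><doc>&name;</doc>'
REMOTE_URL = b'<!DOCTYPE doc [<!ENTITY % name SYSTEM "http://server/file"> %name;]><doc/>'
EXTERNAL_DTD = b'<!DOCTYPE doc SYSTEM "http://server/file"><doc/>'
INTERNAL_ONLY = b'<!DOCTYPE doc [<!ENTITY greeting "hello">]><doc>&greeting;</doc>'

if __name__ == "__main__":
    for sample in (LOCAL_FILE, REMOTE_URL, EXTERNAL_DTD, INTERNAL_ONLY):
        print(is_safe_to_forward(sample), find_external_references(sample))
```

The check is a pre-filter only; the consuming parser should still be configured not to load external entities or DTDs.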