Xmlsoft: >> Libxml2 >> 2.6.0 Security Vulnerabilities
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVSS Score
10.0
EPSS Score
0.589
Published
2008-09-12
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
CVSS Score
6.5
EPSS Score
0.008
Published
2008-08-27
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
CVSS Score
7.5
EPSS Score
0.429
Published
2004-03-15
Page 8