VDB
GCVE-110-MAGEIA-2018-48
GCVE-110-MAGEIA-2018-48
Advisory Published
Use-after-free error could lead to crash (CVE-2016-4658).
Use-after-free vulnerability in libxml2 through 2.9.4 allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function
(CVE-2016-5131).
libxml2 2.9.4 and earlier does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document (CVE-2016-9318).
Heap buffer overflow in xmlAddID (CVE-2017-0663).
Integer overflow in memory debug code in libxml2 before 2.9.5
(CVE-2017-5130).
NULL pointer deref in xmlDumpElementContent (CVE-2017-5969).
Prevent unwanted external entity reference (CVE-2017-7375).
Increase buffer space for port in HTTP redirect support (CVE-2017-7376).
The function xmlSnprintfElementContent in valid.c was vulnerable to a
stack buffer overflow (CVE-2017-9047, CVE-2017-9048).
The function xmlDictComputeFastKey in dict.c was vulnerable to a
heap-based buffer over-read (CVE-2017-9049).
The function xmlDictAddString was vulnerable to a heap-based buffer
over-read (CVE-2017-9050).
It was discovered that libxml2 incorrecty handled certain files. An
attacker could use this issue with specially constructed XML data to
cause libxml2 to consume resources, leading to a denial of service
(CVE-2017-15412).
Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service (CVE-2017-16932).
The libxml2 package has been updated to version 2.9.7 to fix these
issues and several other bugs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | perl-XML-LibXML | 0 (affected), 2.12.100-1.2.mga5 (unaffected), 0 (affected), 2.12.100-1.2.mga5 (unaffected) | — |
| Mageia | x11-driver-video-ati | 0 (affected), 7.10.0-1.1.mga6 (unaffected) | — |
| Mageia | libxml2 | 0 (affected), 2.9.7-1.mga5 (unaffected), 0 (affected), 2.9.7-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.