Debian Libxml2 vulnerabilities

CVE-2016-4449 [HIGH] CVE-2016-4449: libxml2 - XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities functi... XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed

CVE-2016-4483 [HIGH] CVE-2016-4483: libxml2 - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows contex... The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolv

CVE-2016-1834 [HIGH] CVE-2016-1834: libxml2 - Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, a... Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bull

CVE-2016-3705 [HIGH] CVE-2016-3705: libxml2 - The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser... The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. Scope: local bookworm: re

CVE-2016-1840 [HIGH] CVE-2016-1840: libxml2 - Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 bef... Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfs

CVE-2016-4447 [HIGH] CVE-2016-4447: libxml2 - The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows cont... The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg

CVE-2016-1835 [HIGH] CVE-2016-1835: libxml2 - Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 befor... Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg

CVE-2016-1762 [HIGH] CVE-2016-1762: libxml2 - The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to caus... The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg1-1.1) sid: resolved (fixed in 2.9.3+dfsg1-1.1) trixie: resolved (fix

CVE-2016-1839 [MEDIUM] CVE-2016-1839: libxml2 - The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS befo... The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1

CVE-2016-2073 [MEDIUM] CVE-2016-2073: libxml2 - The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to... The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg1-1.1) sid: resolved (fixed in 2.9.3+dfsg1-1.1) trixie: resolved (fixed

CVE-2016-1833 [MEDIUM] CVE-2016-1833: libxml2 - The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS befor... The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.

CVE-2016-1838 [MEDIUM] CVE-2016-1838: libxml2 - The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used ... The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed

CVE-2016-1837 [MEDIUM] CVE-2016-1837: libxml2 - Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2)... Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+d

CVE-2016-9318 [MEDIUM] CVE-2016-9318: libxml2 - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other produc... libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Scope: local bookworm: resolved (fixed in 2.9.10+dfsg-2)

CVE-2016-3709 [MEDIUM] CVE-2016-3709: libxml2 - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. Possible cross-site scripting vulnerability in libxml after commit 960f0e2. Scope: local bookworm: resolved (fixed in 2.9.12+dfsg-3) bullseye: resolved (fixed in 2.9.10+dfsg-6.7+deb11u5) forky: resolved (fixed in 2.9.12+dfsg-3) sid: resolved (fixed in 2.9.12+dfsg-3) trixie: resolved (fixed in 2.9.12+dfsg-3)

CVE-2016-1836 [MEDIUM] CVE-2016-1836: libxml2 - Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 be... Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+

CVE-2016-9598 [HIGH] CVE-2016-9598: libxml2 - libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attack... libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2016-9597 [HIGH] CVE-2016-9597: libxml2 - It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-201... It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved

CVE-2016-9596 [HIGH] CVE-2016-9596: libxml2 - libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allow... libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2015-8710 [CRITICAL] CVE-2015-8710: libxml2 - The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obt... The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. Scope: local bookworm: resolved (fixed in 2.9.2+really2.9.1+dfsg1-0.1) bullseye: resolved (fixed in 2.9