The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HXmlsoft Libxml2
APPXmlsoft2.9.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
Related vulnerabilities
CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt
XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX
CVE-2017-7375CRITICAL9.8ten sam produkt
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not ...
CVE-2017-7376CRITICAL9.8ten sam produkt
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit ...
CVE-2017-16931CRITICAL9.8ten sam produkt
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlP...
CVE-2016-4658CRITICAL9.8ten sam produkt
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and wat...