MidnightBSD

Advisories for xml-libxml_project

CVE-2015-3451 MEDIUM

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
fedoraproject fedora 21
xml-libxml_project xml-libxml *
debian debian_linux 8.0
fedoraproject fedora 20
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 7.0
canonical ubuntu_linux 14.10
canonical ubuntu_linux 15.04

CVE-2017-10672 HIGH

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416

Products Affected

Vendor Product Version
xml-libxml_project xml-libxml *
debian debian_linux 8.0
debian debian_linux 9.0