AVG-1883

Package libxml2
Status Fixed
Severity Medium
Type multiple issues
Affected 2.9.10-9
Fixed 2.9.11-1
Current 2.9.12-2 [extra]
Ticket FS#70822
Created Tue Apr 27 18:48:16 2021
Issue Severity Remote Type Description
CVE-2021-3541 Low Yes Denial of service
A security issue was found in libxml2 before version 2.9.11. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms...
CVE-2021-3537 Low Yes Denial of service
It was found that libxml2 before version 2.9.11 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML...
CVE-2021-3518 Medium Yes Arbitrary code execution
A use-after-free security issue was found in libxml2 before version 2.9.11 in xmlXIncludeDoProcess() in xinclude.c when processing crafted files.
CVE-2021-3517 Medium Yes Arbitrary code execution
A heap-based buffer overflow was found in libxml2 before version 2.9.11 when processing truncated UTF-8 input.
CVE-2021-3516 Medium No Arbitrary code execution
A use-after-free security issue was found in libxml2 before version 2.9.11 when "xmllint --html --push" is used to process crafted files.