libxml2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description XML parsing library, version 2
Version 2.9.8-6 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-672 2.9.8-4 2.9.8-5 Medium Fixed
AVG-671 2.9.5+6+g07e227ed-1 2.9.6+3+g5af594d8-1 Medium Fixed
AVG-56 2.9.4+4+g3169602-1 2.9.4+12+ge905f08-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2018-9251 AVG-672 Medium Yes Denial of service
A security issue has been found in libxml2 <= 2.9.8 compiled with LZMA support enabled, in the xz_decomp function in xzlib.c. This flaw allows a remote...
CVE-2017-18258 AVG-671 Medium Yes Denial of service
A security issue has been found in libxml2 <= 2.9.6 compiled with LZMA support enabled, in the xz_head function in xzlib.c. This flaw allows a remote...
CVE-2016-5131 AVG-56 Critical Yes Arbitrary code execution
Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use- after-free and allow control of the instruction pointer.
CVE-2016-4658 AVG-56 Critical Yes Arbitrary code execution
A use-after-free vulnerability via namespace nodes in XPointer ranges was found in libxml2.

Advisories

Date Advisory Group Severity Description
01 Oct 2018 ASA-201810-3 AVG-672 Medium denial of service
01 Nov 2016 ASA-201611-2 AVG-56 Critical arbitrary code execution