FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0642b064-56c4-11e4-8b87-bcaec565249clibxml2 -- Denial of service

RedHat reports:

A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.


Discovery 2014-10-16
Entry 2014-10-18
Modified 2015-07-15
libxml2
< 2.9.2

linux-c6-libxml2
< 2.7.6_2

linux-f10-libxml2
ge *

CVE-2014-3660
https://rhn.redhat.com/errata/RHSA-2014-1655.html
9c7177ff-1fe1-11e5-9a01-bcaec565249clibxml2 -- Enforce the reader to run in constant memory

Daniel Veilland reports:

Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect.


Discovery 2015-04-14
Entry 2015-07-01
Modified 2016-01-31
libxml2
< 2.9.2_3

linux-c6-libxml2
< 2.7.6_5

linux-f10-libxml2
ge *

CVE-2015-1819
https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
e7bb3885-da40-11e3-9ecb-2c4138874f7dlibxml2 -- lack of end-of-document check DoS

CVE MITRE reports:

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.


Discovery 2013-04-11
Entry 2013-07-10
Modified 2015-07-15
libxml2
< 2.9.1

linux-c6-libxml2
< 2.7.6_2

linux-f10-libxml2
ge *

CVE-2013-2877
https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877
efdd0edc-da3d-11e3-9ecb-2c4138874f7dlibxml2 -- entity substitution DoS

Stefan Cornelius reports:

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.

This issue was discovered by Daniel Berrange of Red Hat.


Discovery 2013-12-03
Entry 2014-05-06
Modified 2015-07-15
libxml2
< 2.9.1

linux-c6-libxml2
< 2.7.6_2

linux-f10-libxml2
ge *

CVE-2014-0191
http://www.openwall.com/lists/oss-security/2014/05/06/4
https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191