A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References

access.redhat.com/errata/RHSA-2019:1543

bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

bugzilla.redhat.com/show_bug.cgi?id=1595985

gitlab.gnome.org/GNOME/libxml2/issues/10

lists.debian.org/debian-lts-announce/2018/09/msg00035.html

lists.debian.org/debian-lts-announce/2020/09/msg00009.html

security.netapp.com/advisory/ntap-20190719-0002/

usn.ubuntu.com/3739-1/

usn.ubuntu.com/3739-2/

osv 35

nessus 50

openvas 34

archlinux 2

oraclelinux 4

suse 4

fedora 6

ibm 20

freebsd 2

debian 6

gentoo 1

amazon 3

f5 2

centos 3

redhat 3

veracode 3

rubygems 2

altlinux 3

cloudfoundry 2

symantec 1

ubuntu 3

mageia 2

ubuntucve 1

nvd 1

cvelist 1

debiancve 1

prion 2

cve 1

redhatcve 1

osv

CVE-2016-4483

2017-04-11 16:59:00

CVE-2022-29824

2022-05-03 03:15:06

CVE-2022-40303

2022-11-23 00:15:11

nessus

Fedora 22 : libxml2-2.9.3-1.fc22 (2015-037f844d3e)

2016-03-04 00:00:00

Fedora 23 : libxml2-2.9.3-1.fc23 (2015-c24af963a2)

2016-03-04 00:00:00

openSUSE Security Update : libxml2 (openSUSE-2015-959)

2015-12-29 00:00:00

openvas

Fedora Update for libxml2 FEDORA-2015-037

2015-12-01 00:00:00

Oracle: Security Advisory (ELSA-2015-2550)

2015-12-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:0049-1)

2021-04-19 00:00:00

archlinux

libxml2: multiple issues

2015-12-09 00:00:00

libxml2: multiple issues

2016-05-26 00:00:00

oraclelinux

libxml2 security update

2015-12-07 00:00:00

libxml2 security update

2015-12-07 00:00:00

libxml2 security update

2016-06-23 00:00:00

suse

Security update for libxml2 (important)

2016-06-16 13:08:21

Security update for libxml2 (important)

2016-06-16 13:10:48

Security update for libxml2 (important)

2016-06-17 15:08:25

fedora

[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23

2015-11-26 21:01:32

[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22

2015-11-30 23:26:43

[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25

2017-04-19 09:32:17

ibm

Security Bulletin: OpenSource libXML2 Vulnerabilities affect Identity Insight 8.1

2018-06-16 13:38:33

Security Bulletin: Multiple vulnerabilities in Libxml2 affect Rational Systems Tester

2018-06-17 05:07:59

Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM

2018-06-18 01:30:43

freebsd

libxml2 -- multiple vulnerabilities

2016-05-23 00:00:00

libxml2 -- multiple vulnerabilities

2015-11-20 00:00:00

debian

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

[SECURITY] [DSA 3593-1] libxml2 security update

2016-06-02 20:28:31

gentoo

libxml2: Multiple vulnerabilities

2017-01-16 00:00:00

amazon

Medium: libxml2

2015-12-14 10:00:00

Medium: libxml2

2019-05-29 19:14:00

Important: libxml2

2016-07-14 16:30:00

K61570943 : Multiple libXML2 vulnerabilities

2016-02-15 00:00:00

SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942

2016-02-15 00:00:00

centos

libxml2 security update

2015-12-07 13:26:33

libxml2 security update

2015-12-07 20:38:05

libxml2 security update

2016-06-23 15:28:21

redhat

(RHSA-2015:2549) Moderate: libxml2 security update

2015-12-07 00:00:00

(RHSA-2015:2550) Moderate: libxml2 security update

2015-12-07 10:04:33

(RHSA-2016:1292) Important: libxml2 security update

2016-06-23 08:21:08

veracode

Denial Of Service (DoS)

2019-05-02 05:51:46

Information Disclosure

2019-05-02 05:51:46

Denial Of Service (DoS)

2019-05-02 05:51:46

rubygems

Nokogiri gem contains several vulnerabilities in libxml2

2015-12-14 21:00:00

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2015-04-13 21:00:00

altlinux

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-07 00:00:00

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

cloudfoundry

USN-2834-1 libxml2 vulnerability | Cloud Foundry

2016-01-07 00:00:00

USN-2994-1 libxml2 vulnerabilities | Cloud Foundry

2016-06-13 00:00:00

symantec

SA129 : Multiple libxml2 Vulnerabilities

2016-09-01 08:00:00

ubuntu

libxml2 vulnerabilities

2015-12-14 00:00:00

libxml2 vulnerabilities

2016-06-06 00:00:00

libxml2 vulnerabilities

2015-11-16 00:00:00

mageia

Updated libxml2 packages fix security vulnerabilities

2015-11-26 23:47:39

Updated libxml2 packages fix security vulnerability

2016-07-27 00:59:16

ubuntucve

CVE-2015-7942

2015-10-23 00:00:00

nvd

CVE-2015-7942

2015-11-18 16:59:06

cvelist

CVE-2015-7942

2015-11-18 16:00:00

debiancve

CVE-2015-7942

2015-11-18 16:59:06

prion

Out-of-bounds

2015-11-18 16:59:00

Out-of-bounds

2017-04-11 16:59:00

cve

CVE-2015-7942

2015-11-18 16:59:06

redhatcve

CVE-2016-4483

2016-05-04 07:49:18

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.9

Confidence

High

EPSS

0.046

Percentile

92.7%

JSON

Related for OSV:CVE-2018-14404