The xz_decomp function in xzlib.c in libxml2 2.9.8, if –with-lzma is used, allows remote attackers to cause a denial of service (inﬁnite loop) via a crafted XML ﬁle that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a diﬀerent vulnerability than CVE-2015-803.
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary ﬁles or cause a denial of service (resource consumption) via unspeciﬁed vectors.
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows contextdependent attackers to cause a denial of service (inﬁnite recursion, stack consumption, and application crash) via a crafted XML document.
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspeciﬁed impact via format string speciﬁers in unknown vectors.
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA ﬁle, because the decoder functionality does not restrict memory usage to what is required for a legitimate ﬁle.
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buﬀer underread and application crash) via a crafted ﬁle, involving xmlParseName.
A ﬂaw in libxml2 allows remote XML entity inclusion with default parser ﬂags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser ﬂags, and expose content from local ﬁles, HTTP, or FTP servers (which might be otherwise unreachable).
Update to version
If you think you’re a victim of a cyber-attack, immediately send an email to email@example.com for a quick response.