libxmljs@0.8.1 vulnerabilities

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read due to improper namespace processing of sch:name elements in xmlSchematronFormatReport() function. An attacker can cause a denial of service or potentially execute arbitrary code by providing specially crafted XML input.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Expired Pointer Dereference via 'xmlSchematronGetNode()` function in Schematron validator. An attacker can cause a crash or execute arbitrary code by triggering use of freed memory.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Stack-based Buffer Overflow due to unsafe use of strcpy() in the xmllint interactive shell command tool. An attacker can cause a crash by providing an overly long argument to any shell command during an interactive session.

Note:

This vulnerability affects only the interactive shell and requires that an attacker can influence or control the command input to xmllint, which is uncommon in typical deployments.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the xmlBuildQName function. An attacker can cause a crash and denial of service by supplying specially crafted XML input that triggers an integer overflow and subsequent stack buffer overflow.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Expired Pointer Dereference due to a null pointer dereference while processing XPath XML expressions. An attacker can cause a crash and disrupt service availability by sending specially crafted input that triggers the dereference.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free via the xmlUnlinkNode function in tree.c. An attacker can cause a denial of service or potentially execute arbitrary code by exploiting this vulnerability.

Note:

This is only exploitable if a certain memory allocation fails.

** Disputed **

The vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free via the xmlXIncludeAddNode function in xinclude.c. An attacker can execute arbitrary code or cause a denial of service by manipulating the memory after it has been freed.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the xmlHTMLPrintFileContext function in xmllint.c. An attacker can read memory contents that may contain sensitive data by triggering a buffer over-read condition.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Double Free and other issues in the xmlDictComputeFastKey() function, which behaves nondeterministically on empty string inputs.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read. The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free. Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Write. There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read. GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to NULL Pointer Dereference. A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS) parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free. There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS). The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS). The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Memory Leak xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS). xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use of Externally-Controlled Format String. Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free. Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS) libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS). A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS) dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read. The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS) libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Memory Leak xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Improper Input Validation. XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read. The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Improper Input Validation. The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to NULL Pointer Dereference. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free. Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Write. An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free. Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Improper Input Validation leading to NULL dereference in xmlSchemaFixupComplexType.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Write in buf.c (xmlBuf*) and tree.c (xmlBuffer*). This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free via the xmlTextReader module. An attacker can cause denial of service by processing crafted XML documents with DTD validation and XInclude expansion enabled.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read in the xmlPythonFileRead() function in libxml.c, which exposes the application to a potentially exploitable crash, when parsing inputs involving malformed character encoding data.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to NULL Pointer Dereference in the xmlPatMatch() function in pattern.c. An attacker can cause the application to crash. Known functions that make use of the vulnerable function include XML::LibXML::Reader (perl), retainpath (Tcl), and xmllint --walker --pattern/xmllint --stream --pattern.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the xmlSnprintfElements() function. An attacker can overwrite out-of-bounds stack memory with XML NCName data by supplying a malicious XML document or malicious DTD.

This vulnerability is similar to the previously reported and patched (CVE-2017-9047)[https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBXML2-3004044].

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free in the xmlSchemaItemListAdd() function in xmlschemas.c, which is exploitable by supplying a malicious .xsd schema for validation. it may also be exploitable when an xsd:keyref is provided in combination with recursively defined types that have additional identity constraints, for validation against a non malicious schema.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Buffer Overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c, which allows attackers to exploit this vulnerability by supplying a crafted XML file.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Buffer Under-read in the xmlSchemaIDCFillNodeTables() function. An attacker can cause partial denial of service by by validating a malicious XML document against an XML schema using xsd:keyref in combination with recursively defined types that have additional identity constraints.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Improper Input Validation. The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-bounds Read. The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Out-of-Bounds. The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

Upgrade libxmljs to version 1.0.0 or higher.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via XML_PARSE_HUGE due to missing length checks.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Use After Free via the ID and IDREF attributes, when using the xmlReader interface with validation or when a document is parsed with XML_PARSE_DTDVALID and without XML_PARSE_NOENT. This can lead to the value of ID attributes to not be normalized after potentially expanding entities in xmlRemoveID, which will cause later calls to xmlGetID to return a pointer to previously freed memory.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS) due to dict corruption caused by entity reference cycles.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Type Confusion when parsing a specially crafted XML while invoking the namespaces() function, which invokes _wrap__xmlNode_nsDef_get() function on a grand-child of a node that refers to an entity. An attacker can cause a denial of service or execute arbitrary code by parsing a specially crafted XML document.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Remote Code Execution (RCE) when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. An attacker can cause denial of service, data leak, infinite loop, and execute arbitrary code on 32-bit systems with the XML_PARSE_HUGE flag enabled by submitting a malicious XML document.

There is no fixed version for libxmljs.

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Denial of Service (DoS). When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

PoC:

  let libxmljs = require("libxmljs"); 
  let xml = {toString: 1 }; 
  libxmljs.parseXml(xml);

Upgrade libxmljs to version 0.19.8 or higher.