ALAS2-2019-1301 --- libxml2ID: oval:org.secpod.oval:def:1700218 | Date: (C)2019-10-07 (M)2023-12-20 |
Class: PATCH | Family: unix |
xpointer.c in libxml2 before 2.9.5 does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted XML document. parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a #039;%#039; character in a DTD name