Nick Wellnhofer

3 exploits Active since Nov 2017
CVE-2017-16931 WRITEUP CRITICAL WRITEUP
libxml2 <2.9.5 - Info Disclosure
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
CVSS 9.8
CVE-2017-16932 WRITEUP HIGH WRITEUP
libxml2 <2.9.5 - Buffer Overflow
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
CVSS 7.5
CVE-2022-23308 WRITEUP HIGH WRITEUP
Xmlsoft Libxml2 < 2.9.13 - Use After Free
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVSS 7.5