VulnerableCode Package Details - pkg:deb/debian/libxml2@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4gyr-nwyy-qfeq	Improper Restriction of Operations within the Bounds of a Memory Buffer It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.	CVE-2016-9597
VCID-8pzj-mq5r-rqcq	Loop with Unreachable Exit Condition ('Infinite Loop') The xz_decomp function in xzlib.c in libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.	CVE-2018-9251
VCID-a28u-yu15-3qa6	Use After Free Multiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.	CVE-2013-1969
VCID-b828-btkm-tufv	Uncontrolled Resource Consumption libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.	CVE-2016-9596
VCID-bmv8-f7rb-43dc	libxml2: XXE vulnerability	CVE-2024-40896
VCID-drf1-ktzv-a3dk	libxml2: Libxml2 out of bounds read	CVE-2025-26434
VCID-eqva-5dwq-d7cw	libxml: Null pointer dereference leads to Denial of service (DoS)	CVE-2025-49795
VCID-gc1r-nauj-1fge	Out-of-bounds Read libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.	CVE-2016-9598
VCID-rbdy-dm61-jkdw	Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service.	CVE-2008-4409

Vulnerability

Summary

Aliases

VCID-4gyr-nwyy-qfeq

Improper Restriction of Operations within the Bounds of a Memory Buffer It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

CVE-2016-9597

VCID-8pzj-mq5r-rqcq

Loop with Unreachable Exit Condition ('Infinite Loop') The xz_decomp function in xzlib.c in libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

CVE-2018-9251

VCID-a28u-yu15-3qa6

Use After Free Multiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.

CVE-2013-1969

VCID-b828-btkm-tufv

Uncontrolled Resource Consumption libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

CVE-2016-9596

VCID-bmv8-f7rb-43dc

libxml2: XXE vulnerability

CVE-2024-40896

VCID-drf1-ktzv-a3dk

libxml2: Libxml2 out of bounds read

CVE-2025-26434

VCID-eqva-5dwq-d7cw

libxml: Null pointer dereference leads to Denial of service (DoS)

CVE-2025-49795

VCID-gc1r-nauj-1fge

Out-of-bounds Read libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

CVE-2016-9598

VCID-rbdy-dm61-jkdw

Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service.

CVE-2008-4409

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:20:20.605596+00:00	Debian Importer	Fixing	VCID-a28u-yu15-3qa6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:38:50.488512+00:00	Debian Importer	Fixing	VCID-gc1r-nauj-1fge	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:03:03.508515+00:00	Debian Importer	Fixing	VCID-drf1-ktzv-a3dk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:43:58.299894+00:00	Debian Importer	Fixing	VCID-eqva-5dwq-d7cw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:38:05.517938+00:00	Debian Importer	Fixing	VCID-rbdy-dm61-jkdw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:46:30.894491+00:00	Debian Importer	Fixing	VCID-bmv8-f7rb-43dc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:39:48.156383+00:00	Debian Importer	Fixing	VCID-8pzj-mq5r-rqcq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:32:22.101836+00:00	Debian Importer	Fixing	VCID-4gyr-nwyy-qfeq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:18:13.712643+00:00	Debian Importer	Fixing	VCID-b828-btkm-tufv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:11:35.632485+00:00	Debian Importer	Fixing	VCID-a28u-yu15-3qa6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:40:00.416898+00:00	Debian Importer	Fixing	VCID-gc1r-nauj-1fge	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:14:00.045426+00:00	Debian Importer	Fixing	VCID-drf1-ktzv-a3dk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:59:54.550968+00:00	Debian Importer	Fixing	VCID-eqva-5dwq-d7cw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:55:43.556601+00:00	Debian Importer	Fixing	VCID-rbdy-dm61-jkdw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:31:39.451355+00:00	Debian Importer	Fixing	VCID-bmv8-f7rb-43dc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:25:50.140680+00:00	Debian Importer	Fixing	VCID-8pzj-mq5r-rqcq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:36.676607+00:00	Debian Importer	Fixing	VCID-4gyr-nwyy-qfeq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:13:01.522186+00:00	Debian Importer	Fixing	VCID-b828-btkm-tufv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:30:08.667288+00:00	Debian Importer	Fixing	VCID-eqva-5dwq-d7cw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:08.354739+00:00	Debian Importer	Fixing	VCID-drf1-ktzv-a3dk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:08.178132+00:00	Debian Importer	Fixing	VCID-bmv8-f7rb-43dc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:06.969249+00:00	Debian Importer	Fixing	VCID-8pzj-mq5r-rqcq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:06.158695+00:00	Debian Importer	Fixing	VCID-gc1r-nauj-1fge	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:06.118481+00:00	Debian Importer	Fixing	VCID-4gyr-nwyy-qfeq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:06.078034+00:00	Debian Importer	Fixing	VCID-b828-btkm-tufv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.342912+00:00	Debian Importer	Fixing	VCID-a28u-yu15-3qa6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:03.505732+00:00	Debian Importer	Fixing	VCID-rbdy-dm61-jkdw	https://security-tracker.debian.org/tracker/data/json	38.1.0