Search for packages
| purl | pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5 |
| Next non-vulnerable version | 2.15.2+dfsg-0.1 |
| Latest non-vulnerable version | 2.15.2+dfsg-0.1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1esy-azbk-rkgn
Aliases: CVE-2015-8035 |
Uncontrolled Resource Consumption The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-1f8c-m3q3-yyea
Aliases: CVE-2015-7941 |
Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-1nax-e3jj-ryef
Aliases: CVE-2016-4448 |
Use of Externally-Controlled Format String Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
Affected by 49 other vulnerabilities. |
|
VCID-1sh8-bsk3-auct
Aliases: CVE-2020-24977 |
libxml2 has a global Buffer Overflow vulnerability in `xmlEncodeEntitiesInternal` at `libxml2/entities.c`. |
Affected by 21 other vulnerabilities. |
|
VCID-1vsu-txd5-qbf3
Aliases: CVE-2017-9049 |
Out-of-bounds Read libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-1zr7-kx71-tkcr
Aliases: CVE-2017-7375 |
Improper Restriction of XML External Entity Reference A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-2wkc-xqzc-e3g2
Aliases: CVE-2016-1837 |
Use After Free Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allow remote attackers to cause a denial of service via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-3ean-ys5t-bydz
Aliases: CVE-2016-1833 |
Out-of-bounds Read The htmlCurrentChar function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-3s6k-9cgk-dfd6
Aliases: CVE-2016-1836 |
Use After Free Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-4sg9-pjmx-6kfy
Aliases: CVE-2021-3541 |
multiple issues |
Affected by 21 other vulnerabilities. |
|
VCID-512y-x2fd-4uh5
Aliases: CVE-2017-5130 |
multiple issues |
Affected by 37 other vulnerabilities. |
|
VCID-5dmr-9sh2-w3hk
Aliases: CVE-2023-28484 |
This advisory has been invalidated. |
Affected by 21 other vulnerabilities. |
|
VCID-5er3-1kbw-33gt
Aliases: CVE-2017-5969 |
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser. |
Affected by 37 other vulnerabilities. |
|
VCID-5g9a-2484-rucp
Aliases: CVE-2022-40304 |
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. |
Affected by 21 other vulnerabilities. |
|
VCID-5z25-mem7-hfcx
Aliases: CVE-2015-7497 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-6bw6-4huq-dqex
Aliases: CVE-2016-9318 |
Improper Restriction of XML External Entity Reference libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. |
Affected by 21 other vulnerabilities. |
|
VCID-6hc4-jdej-gkcp
Aliases: CVE-2016-1762 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-6rnb-qe59-sbfy
Aliases: CVE-2025-49796 |
denial of service |
Affected by 4 other vulnerabilities. |
|
VCID-6t8y-27ba-cfa2
Aliases: CVE-2021-3537 GHSA-286v-pcf5-25rc |
multiple issues |
Affected by 21 other vulnerabilities. |
|
VCID-81dv-y5sg-9kgq
Aliases: CVE-2019-20388 |
Missing Release of Memory after Effective Lifetime xmlSchemaPreRun in xmlschemas.c in libxml2 allows an xmlSchemaValidateStream memory leak. |
Affected by 21 other vulnerabilities. |
|
VCID-81t2-tsq4-x7ce
Aliases: CVE-2023-39615 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. |
Affected by 4 other vulnerabilities. |
|
VCID-8719-hux3-fugq
Aliases: CVE-2015-7498 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-9d2s-f8da-pkgg
Aliases: CVE-2016-3709 |
Possible cross-site scripting vulnerability in libxml after commit 960f0e2. |
Affected by 4 other vulnerabilities. |
|
VCID-9m3t-anwb-4fbx
Aliases: CVE-2016-4658 GHSA-fr52-4hqw-p27f |
arbitrary code execution |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-9usm-m2ey-7qad
Aliases: CVE-2019-19956 |
Missing Release of Memory after Effective Lifetime xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 has a memory leak related to newDoc->oldNs. |
Affected by 21 other vulnerabilities. |
|
VCID-a611-3sqz-bkac
Aliases: CVE-2016-3627 |
Improper Input Validation The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-aj7d-6vcp-7yey
Aliases: CVE-2025-9714 |
libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c |
Affected by 4 other vulnerabilities. |
|
VCID-akrb-6bu8-nqfq
Aliases: CVE-2018-14404 GHSA-6qvp-r6r3-9p7h |
NULL Pointer Dereference A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. |
Affected by 21 other vulnerabilities. |
|
VCID-anzu-y37j-dbc2
Aliases: CVE-2016-4449 |
Improper Input Validation XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-aqrr-3ej8-ukaa
Aliases: CVE-2018-14567 |
Loop with Unreachable Exit Condition ('Infinite Loop') libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. |
Affected by 21 other vulnerabilities. |
|
VCID-bgcq-x9bd-83ap
Aliases: CVE-2022-23308 |
arbitrary code execution |
Affected by 21 other vulnerabilities. |
|
VCID-bksc-y3j7-ufek
Aliases: CVE-2015-7500 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-c16x-s3zb-bbef
Aliases: CVE-2025-49794 |
denial of service |
Affected by 4 other vulnerabilities. |
|
VCID-cgmw-k7dg-gbdw
Aliases: CVE-2015-1819 GHSA-q7wx-62r7-j2x7 |
Vulnerabilities in libxml2 and libxslt Several vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-ct17-yjud-f3a1
Aliases: CVE-2021-3516 |
multiple issues |
Affected by 21 other vulnerabilities. |
|
VCID-ds9f-6ppp-5fax
Aliases: CVE-2016-1834 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlStrncat function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-e8w6-ax3x-wqan
Aliases: CVE-2021-3517 GHSA-jw9f-hh49-cvp9 |
multiple issues |
Affected by 21 other vulnerabilities. |
|
VCID-eb5v-9a7f-xyf2
Aliases: CVE-2015-7942 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-efx2-bpu9-z7a4
Aliases: CVE-2015-5312 GHSA-xjqg-9jvg-fgx2 |
Vulnerabilities in libxml2 Several vulnerabilities were discovered in the libxml2 library that this package gem depends on. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-egft-crba-6ubx
Aliases: CVE-2015-8806 GHSA-7hp2-xwpj-95jq |
Uncontrolled Resource Consumption dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-eh92-k5tc-vyab
Aliases: CVE-2017-9048 |
Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-ezzm-sgz4-xbaa
Aliases: CVE-2016-2073 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-f8jy-gtg6-x3f2
Aliases: CVE-2016-3705 |
Improper Input Validation The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-f8q4-hk9r-6be4
Aliases: CVE-2015-8241 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-fda4-67cq-cqg4
Aliases: CVE-2025-6021 |
denial of service |
Affected by 4 other vulnerabilities. |
|
VCID-fn1n-adz5-5fcy
Aliases: CVE-2015-7499 GHSA-jxjr-5h69-qw3w |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-frer-xevm-x7f7
Aliases: CVE-2017-7376 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-gfk4-86ze-3bdx
Aliases: CVE-2022-29824 |
arbitrary code execution |
Affected by 37 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-j98t-paam-97ec
Aliases: CVE-2017-18258 GHSA-882p-jqgm-f45g |
Allocation of Resources Without Limits or Throttling The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. |
Affected by 21 other vulnerabilities. |
|
VCID-jtkn-83hh-x3et
Aliases: CVE-2017-9050 GHSA-8c56-cpmw-89x7 |
Out-of-bounds Read libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-jwft-4pxx-5ydg
Aliases: CVE-2025-24928 |
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. |
Affected by 4 other vulnerabilities. |
|
VCID-jxz3-ug52-cuhn
Aliases: CVE-2020-7595 GHSA-7553-jr98-vx47 |
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2, and released this as v1.10.8 CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions <= v1.10.7 are vulnerable. |
Affected by 21 other vulnerabilities. |
|
VCID-kg69-mhxs-tkcx
Aliases: CVE-2016-1839 |
Out-of-bounds Read The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-kvkp-bve3-bqh7
Aliases: CVE-2023-29469 |
Double Free An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). |
Affected by 21 other vulnerabilities. |
|
VCID-m8d1-5qex-huf8
Aliases: CVE-2016-5131 |
arbitrary code execution |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-m91c-mfu9-bbbh
Aliases: CVE-2017-16932 GHSA-x2fm-93ww-ggvx |
Loop with Unreachable Exit Condition ('Infinite Loop') parser.c in libxml2 does not prevent infinite recursion in parameter entities. |
Affected by 21 other vulnerabilities. |
|
VCID-msku-25sz-rbeg
Aliases: CVE-2017-0663 |
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-ne9k-m48b-13cu
Aliases: CVE-2014-3660 |
Uncontrolled Resource Consumption parser.c in libxml2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. |
Affected by 49 other vulnerabilities. |
|
VCID-pdus-4wua-fucn
Aliases: CVE-2024-34459 |
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. |
Affected by 4 other vulnerabilities. |
|
VCID-pgfh-4snq-pbe6
Aliases: CVE-2015-8242 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
Affected by 49 other vulnerabilities. |
|
VCID-q1rm-fyhj-kbfu
Aliases: CVE-2016-1840 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-q736-5feg-q3h2
Aliases: CVE-2016-4447 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-qa31-1xtw-ybdg
Aliases: CVE-2022-40303 |
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. |
Affected by 21 other vulnerabilities. |
|
VCID-qv2p-47xc-eqc6
Aliases: CVE-2024-25062 |
Use After Free When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. |
Affected by 4 other vulnerabilities. |
|
VCID-r3xn-5u5y-hbdw
Aliases: CVE-2022-49043 |
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
Affected by 4 other vulnerabilities. |
|
VCID-tn6n-x8d3-jqd3
Aliases: CVE-2025-6170 |
denial of service |
Affected by 4 other vulnerabilities. |
|
VCID-tt91-8gv4-3qh9
Aliases: CVE-2016-1835 |
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-u795-5dzy-gkbs
Aliases: CVE-2015-8710 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-ueh5-fv4d-a7a8
Aliases: CVE-2017-15412 GHSA-r58r-74gx-6wx3 |
multiple issues |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-uehj-g87n-sfcf
Aliases: CVE-2025-32414 |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. |
Affected by 4 other vulnerabilities. |
|
VCID-up1g-mjyj-pub4
Aliases: CVE-2024-56171 |
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
Affected by 4 other vulnerabilities. |
|
VCID-ur8u-6xpb-g3g3
Aliases: CVE-2025-32415 |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
Affected by 4 other vulnerabilities. |
|
VCID-vfxe-t79s-3qbb
Aliases: CVE-2025-27113 |
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. |
Affected by 4 other vulnerabilities. |
|
VCID-w156-x6fs-7baj
Aliases: CVE-2015-8317 |
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseXMLDecl function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-wqc9-2nup-r7d5
Aliases: CVE-2017-8872 |
Out-of-bounds Read The htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure. |
Affected by 37 other vulnerabilities. |
|
VCID-x53x-k5cn-4fhv
Aliases: CVE-2017-9047 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-y6ed-mwdn-8bcv
Aliases: CVE-2022-2309 GHSA-wrxv-2j5q-m38w PYSEC-2022-230 |
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. |
Affected by 4 other vulnerabilities. |
|
VCID-y6zn-hwwh-23hp
Aliases: CVE-2016-1838 |
Out-of-bounds Read The xmlPArserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-y76b-6hzr-uqgb
Aliases: CVE-2016-4483 |
Deserialization of Untrusted Data The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. |
Affected by 82 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-y771-xrj9-6qca
Aliases: CVE-2023-45322 |
Use After Free This advisory has been marked as False Positive and removed. |
Affected by 4 other vulnerabilities. |
|
VCID-yjn6-17qx-9ubc
Aliases: CVE-2021-3518 GHSA-v4f8-2847-rwm7 |
multiple issues |
Affected by 21 other vulnerabilities. |
|
VCID-zezc-xfmm-cqcg
Aliases: CVE-2017-16931 |
Improper Restriction of Operations within the Bounds of a Memory Buffer parser.c in libxml2 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. |
Affected by 37 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-43m9-cg6h-nuet | Improper Restriction of Operations within the Bounds of a Memory Buffer parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. |
CVE-2013-2877
|
| VCID-bm7f-1hbr-dyfx | The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. |
CVE-2014-0191
|