Package details: pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (6)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-azzy-m5pc-qudn | Loop with Unreachable Exit Condition ('Infinite Loop'): parser.c in libxml2 does not prevent infinite recursion in parameter entities. | CVE-2017-16932, GHSA-x2fm-93ww-ggvx |
| VCID-bejh-22y7-kuh6 | NULL Pointer Dereference: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. | CVE-2018-14404, GHSA-6qvp-r6r3-9p7h |
| VCID-qtp3-a1g7-8kgw | Improper Restriction of XML External Entity Reference: libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. | CVE-2016-9318 |
| VCID-t53m-6vvr-27cf | Loop with Unreachable Exit Condition ('Infinite Loop'): libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | CVE-2018-14567 |
| VCID-ugyh-dycm-3bc3 | libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c | CVE-2019-19956 |
| VCID-wc4g-sxyq-ubcd | Allocation of Resources Without Limits or Throttling: The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. | CVE-2017-18258, GHSA-882p-jqgm-f45g |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:44:29.890434+00:00 | Debian Importer | Fixing | VCID-t53m-6vvr-27cf | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T11:56:37.283357+00:00 | Debian Importer | Fixing | VCID-azzy-m5pc-qudn | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T11:26:44.042026+00:00 | Debian Importer | Fixing | VCID-qtp3-a1g7-8kgw | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:35:05.989779+00:00 | Debian Importer | Fixing | VCID-bejh-22y7-kuh6 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:28:41.007969+00:00 | Debian Importer | Fixing | VCID-wc4g-sxyq-ubcd | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:38:23.640976+00:00 | Debian Importer | Fixing | VCID-ugyh-dycm-3bc3 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:44:13.273604+00:00 | Debian Importer | Fixing | VCID-t53m-6vvr-27cf | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T08:09:09.656322+00:00 | Debian Importer | Fixing | VCID-azzy-m5pc-qudn | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:47:52.268911+00:00 | Debian Importer | Fixing | VCID-qtp3-a1g7-8kgw | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:09:03.575730+00:00 | Debian Importer | Fixing | VCID-bejh-22y7-kuh6 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:04:14.330257+00:00 | Debian Importer | Fixing | VCID-wc4g-sxyq-ubcd | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:24:56.946096+00:00 | Debian Importer | Fixing | VCID-ugyh-dycm-3bc3 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:30:07.010744+00:00 | Debian Importer | Fixing | VCID-ugyh-dycm-3bc3 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:06.928553+00:00 | Debian Importer | Fixing | VCID-t53m-6vvr-27cf | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:06.883908+00:00 | Debian Importer | Fixing | VCID-bejh-22y7-kuh6 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:06.393147+00:00 | Debian Importer | Fixing | VCID-wc4g-sxyq-ubcd | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:06.344241+00:00 | Debian Importer | Fixing | VCID-azzy-m5pc-qudn | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:06.033639+00:00 | Debian Importer | Fixing | VCID-qtp3-a1g7-8kgw | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |