VulnerableCode Package Details - pkg:deb/debian/libxml2@2.9.3%2Bdfsg1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2b1g-gp84-87e8	Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.	CVE-2015-7499 GHSA-jxjr-5h69-qw3w
VCID-33n1-125n-63h6	Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.	CVE-2015-7500
VCID-3d1e-enaq-q3cx	Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors.	CVE-2015-7497
VCID-3s4n-twju-b3dw	Uncontrolled Resource Consumption The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.	CVE-2015-8035
VCID-7rzw-9jj5-4ybk	Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.	CVE-2015-8241
VCID-9p2f-ynzb-r3gj	Vulnerabilities in libxml2 Several vulnerabilities were discovered in the libxml2 library that this package gem depends on.	CVE-2015-5312 GHSA-xjqg-9jvg-fgx2
VCID-ghaf-ynsg-uuea	Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.	CVE-2015-8242
VCID-gxsm-qvkt-gygy	Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.	CVE-2015-7498
VCID-wtxh-xxp2-d3hr	Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.	CVE-2015-7942

Vulnerability

Summary

Aliases

VCID-2b1g-gp84-87e8

Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

CVE-2015-7499
GHSA-jxjr-5h69-qw3w

VCID-33n1-125n-63h6

Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

CVE-2015-7500

VCID-3d1e-enaq-q3cx

Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors.

CVE-2015-7497

VCID-3s4n-twju-b3dw

Uncontrolled Resource Consumption The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

CVE-2015-8035

VCID-7rzw-9jj5-4ybk

Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVE-2015-8241

VCID-9p2f-ynzb-r3gj

Vulnerabilities in libxml2 Several vulnerabilities were discovered in the libxml2 library that this package gem depends on.

CVE-2015-5312
GHSA-xjqg-9jvg-fgx2

VCID-ghaf-ynsg-uuea

Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVE-2015-8242

VCID-gxsm-qvkt-gygy

Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

CVE-2015-7498

VCID-wtxh-xxp2-d3hr

Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

CVE-2015-7942

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:08:25.466415+00:00	Debian Importer	Fixing	VCID-33n1-125n-63h6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:55:31.316407+00:00	Debian Importer	Fixing	VCID-3d1e-enaq-q3cx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:33:01.659515+00:00	Debian Importer	Fixing	VCID-wtxh-xxp2-d3hr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:09:45.582555+00:00	Debian Importer	Fixing	VCID-gxsm-qvkt-gygy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:06:08.152694+00:00	Debian Importer	Fixing	VCID-2b1g-gp84-87e8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:10:54.422787+00:00	Debian Importer	Fixing	VCID-3s4n-twju-b3dw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:05:54.553702+00:00	Debian Importer	Fixing	VCID-7rzw-9jj5-4ybk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:55.890338+00:00	Debian Importer	Fixing	VCID-9p2f-ynzb-r3gj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:51:43.552150+00:00	Debian Importer	Fixing	VCID-ghaf-ynsg-uuea	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:02:18.254753+00:00	Debian Importer	Fixing	VCID-33n1-125n-63h6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:52:31.712418+00:00	Debian Importer	Fixing	VCID-3d1e-enaq-q3cx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:35:44.316592+00:00	Debian Importer	Fixing	VCID-wtxh-xxp2-d3hr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:19:02.281779+00:00	Debian Importer	Fixing	VCID-gxsm-qvkt-gygy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:16:26.401967+00:00	Debian Importer	Fixing	VCID-2b1g-gp84-87e8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:36:03.962840+00:00	Debian Importer	Fixing	VCID-3s4n-twju-b3dw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:32:15.516801+00:00	Debian Importer	Fixing	VCID-7rzw-9jj5-4ybk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:50.822603+00:00	Debian Importer	Fixing	VCID-9p2f-ynzb-r3gj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:05.247832+00:00	Debian Importer	Fixing	VCID-ghaf-ynsg-uuea	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:30:04.990198+00:00	Debian Importer	Fixing	VCID-ghaf-ynsg-uuea	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.940834+00:00	Debian Importer	Fixing	VCID-7rzw-9jj5-4ybk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.891005+00:00	Debian Importer	Fixing	VCID-3s4n-twju-b3dw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.840966+00:00	Debian Importer	Fixing	VCID-wtxh-xxp2-d3hr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.746187+00:00	Debian Importer	Fixing	VCID-33n1-125n-63h6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.705093+00:00	Debian Importer	Fixing	VCID-2b1g-gp84-87e8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.663684+00:00	Debian Importer	Fixing	VCID-gxsm-qvkt-gygy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.623071+00:00	Debian Importer	Fixing	VCID-3d1e-enaq-q3cx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:04.582025+00:00	Debian Importer	Fixing	VCID-9p2f-ynzb-r3gj	https://security-tracker.debian.org/tracker/data/json	38.1.0