Search for packages
| purl | pkg:ebuild/dev-libs/libxml2@2.9.4-r1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2b1g-gp84-87e8 | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. |
CVE-2015-7499
GHSA-jxjr-5h69-qw3w |
| VCID-2j62-5rjn-vyeu | Uncontrolled Resource Consumption dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. |
CVE-2015-8806
GHSA-7hp2-xwpj-95jq |
| VCID-33n1-125n-63h6 | Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. |
CVE-2015-7500
|
| VCID-3d1e-enaq-q3cx | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors. |
CVE-2015-7497
|
| VCID-3s4n-twju-b3dw | Uncontrolled Resource Consumption The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. |
CVE-2015-8035
|
| VCID-51f2-w9b7-9fb4 | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
CVE-2016-1840
|
| VCID-6h9f-6pmg-3fh3 | Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. |
CVE-2015-7941
|
| VCID-7h3p-7ej2-17f1 | Out-of-bounds Read The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
CVE-2016-1839
|
| VCID-9p2f-ynzb-r3gj | Vulnerabilities in libxml2 Several vulnerabilities were discovered in the libxml2 library that this package gem depends on. |
CVE-2015-5312
GHSA-xjqg-9jvg-fgx2 |
| VCID-9q49-2srz-rkg7 | Use After Free Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. |
CVE-2016-5131
|
| VCID-b5tz-9s1v-pkg7 | Vulnerabilities in libxml2 and libxslt Several vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on. |
CVE-2015-1819
GHSA-q7wx-62r7-j2x7 |
| VCID-bk98-bfkg-7bdt | Use After Free Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document. |
CVE-2016-1836
|
| VCID-bp8r-8jjt-hygw | Improper Input Validation The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. |
CVE-2016-3705
|
| VCID-ecde-c15q-ukh1 | Improper Restriction of Operations within the Bounds of a Memory Buffer xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. |
CVE-2016-4658
GHSA-fr52-4hqw-p27f |
| VCID-ghaf-ynsg-uuea | Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
CVE-2015-8242
|
| VCID-gxsm-qvkt-gygy | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. |
CVE-2015-7498
|
| VCID-s3j9-1zq5-zkf5 | Deserialization of Untrusted Data The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. |
CVE-2016-4483
|
| VCID-tyk2-gq2c-bbcn | Improper Restriction of Operations within the Bounds of a Memory Buffer The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. |
CVE-2016-2073
|
| VCID-vcq9-93xd-nfbe | Out-of-bounds Read The xmlPArserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
CVE-2016-1838
|
| VCID-wtxh-xxp2-d3hr | Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
CVE-2015-7942
|
| VCID-wy5v-dsp3-a7aa | Improper Input Validation The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. |
CVE-2016-3627
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:00:35.001171+00:00 | Gentoo Importer | Fixing | VCID-9q49-2srz-rkg7 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.991638+00:00 | Gentoo Importer | Fixing | VCID-ecde-c15q-ukh1 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.982072+00:00 | Gentoo Importer | Fixing | VCID-s3j9-1zq5-zkf5 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.972564+00:00 | Gentoo Importer | Fixing | VCID-bp8r-8jjt-hygw | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.962192+00:00 | Gentoo Importer | Fixing | VCID-wy5v-dsp3-a7aa | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.952418+00:00 | Gentoo Importer | Fixing | VCID-tyk2-gq2c-bbcn | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.941927+00:00 | Gentoo Importer | Fixing | VCID-51f2-w9b7-9fb4 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.933259+00:00 | Gentoo Importer | Fixing | VCID-7h3p-7ej2-17f1 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.923376+00:00 | Gentoo Importer | Fixing | VCID-vcq9-93xd-nfbe | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.913145+00:00 | Gentoo Importer | Fixing | VCID-bk98-bfkg-7bdt | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.904441+00:00 | Gentoo Importer | Fixing | VCID-2j62-5rjn-vyeu | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.894737+00:00 | Gentoo Importer | Fixing | VCID-ghaf-ynsg-uuea | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.885733+00:00 | Gentoo Importer | Fixing | VCID-3s4n-twju-b3dw | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.874904+00:00 | Gentoo Importer | Fixing | VCID-wtxh-xxp2-d3hr | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.865906+00:00 | Gentoo Importer | Fixing | VCID-6h9f-6pmg-3fh3 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.854728+00:00 | Gentoo Importer | Fixing | VCID-33n1-125n-63h6 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.846254+00:00 | Gentoo Importer | Fixing | VCID-2b1g-gp84-87e8 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.835514+00:00 | Gentoo Importer | Fixing | VCID-gxsm-qvkt-gygy | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.826400+00:00 | Gentoo Importer | Fixing | VCID-3d1e-enaq-q3cx | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.816189+00:00 | Gentoo Importer | Fixing | VCID-9p2f-ynzb-r3gj | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |
| 2026-04-01T13:00:34.806655+00:00 | Gentoo Importer | Fixing | VCID-b5tz-9s1v-pkg7 | https://security.gentoo.org/glsa/201701-37 | 38.0.0 |