VulnerableCode Package Details - pkg:ebuild/dev-libs/libxml2@2.9.4-r3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3whx-6t3e-7beq	Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code.	CVE-2017-5969
VCID-8tej-h12t-2fag	Improper Restriction of XML External Entity Reference A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).	CVE-2017-7375
VCID-qqte-z1e6-xuh7	Improper Restriction of Operations within the Bounds of a Memory Buffer A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.	CVE-2017-9047
VCID-qtp3-a1g7-8kgw	Improper Restriction of XML External Entity Reference libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.	CVE-2016-9318
VCID-qxwq-xwaw-nyak	Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code.	CVE-2017-0663
VCID-rhgj-t5cp-wkbh	Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.	CVE-2017-9048
VCID-ymhr-ads4-qqdp	Out-of-bounds Read libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.	CVE-2017-9049
VCID-zm21-2pqq-3ker	Out-of-bounds Read libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.	CVE-2017-9050 GHSA-8c56-cpmw-89x7

Vulnerability

Summary

Aliases

VCID-3whx-6t3e-7beq

Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code.

CVE-2017-5969

VCID-8tej-h12t-2fag

Improper Restriction of XML External Entity Reference A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

CVE-2017-7375

VCID-qqte-z1e6-xuh7

Improper Restriction of Operations within the Bounds of a Memory Buffer A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

CVE-2017-9047

VCID-qtp3-a1g7-8kgw

Improper Restriction of XML External Entity Reference libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

CVE-2016-9318

VCID-qxwq-xwaw-nyak

Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code.

CVE-2017-0663

VCID-rhgj-t5cp-wkbh

Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

CVE-2017-9048

VCID-ymhr-ads4-qqdp

Out-of-bounds Read libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.

CVE-2017-9049

VCID-zm21-2pqq-3ker

Out-of-bounds Read libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

CVE-2017-9050
GHSA-8c56-cpmw-89x7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:14:34.671199+00:00	Gentoo Importer	Fixing	VCID-zm21-2pqq-3ker	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.656775+00:00	Gentoo Importer	Fixing	VCID-ymhr-ads4-qqdp	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.640527+00:00	Gentoo Importer	Fixing	VCID-rhgj-t5cp-wkbh	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.626147+00:00	Gentoo Importer	Fixing	VCID-qqte-z1e6-xuh7	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.611670+00:00	Gentoo Importer	Fixing	VCID-8tej-h12t-2fag	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.597195+00:00	Gentoo Importer	Fixing	VCID-3whx-6t3e-7beq	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.580232+00:00	Gentoo Importer	Fixing	VCID-qxwq-xwaw-nyak	https://security.gentoo.org/glsa/201711-01	38.0.0
2026-04-01T13:14:34.563472+00:00	Gentoo Importer	Fixing	VCID-qtp3-a1g7-8kgw	https://security.gentoo.org/glsa/201711-01	38.0.0