Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/libxml2@2.9.2
purl pkg:nuget/libxml2@2.9.2
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-2b1g-gp84-87e8
Aliases:
CVE-2015-7499
GHSA-jxjr-5h69-qw3w
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. There are no reported fixed by versions.
VCID-33n1-125n-63h6
Aliases:
CVE-2015-7500
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. There are no reported fixed by versions.
VCID-3d1e-enaq-q3cx
Aliases:
CVE-2015-7497
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors. There are no reported fixed by versions.
VCID-6h9f-6pmg-3fh3
Aliases:
CVE-2015-7941
Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. There are no reported fixed by versions.
VCID-7rzw-9jj5-4ybk
Aliases:
CVE-2015-8241
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. There are no reported fixed by versions.
VCID-9p2f-ynzb-r3gj
Aliases:
CVE-2015-5312
GHSA-xjqg-9jvg-fgx2
Vulnerabilities in libxml2 Several vulnerabilities were discovered in the libxml2 library that this package gem depends on. There are no reported fixed by versions.
VCID-ah8e-sxuu-jqcw
Aliases:
CVE-2015-8317
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseXMLDecl function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. There are no reported fixed by versions.
VCID-ghaf-ynsg-uuea
Aliases:
CVE-2015-8242
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. There are no reported fixed by versions.
VCID-gxsm-qvkt-gygy
Aliases:
CVE-2015-7498
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. There are no reported fixed by versions.
VCID-wtxh-xxp2-d3hr
Aliases:
CVE-2015-7942
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:47:00.155164+00:00 GitLab Importer Affected by VCID-33n1-125n-63h6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-7500.yml 38.0.0
2026-04-01T12:47:00.099667+00:00 GitLab Importer Affected by VCID-gxsm-qvkt-gygy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-7498.yml 38.0.0
2026-04-01T12:47:00.072480+00:00 GitLab Importer Affected by VCID-3d1e-enaq-q3cx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-7497.yml 38.0.0
2026-04-01T12:47:00.060173+00:00 GitLab Importer Affected by VCID-9p2f-ynzb-r3gj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-5312.yml 38.0.0
2026-04-01T12:47:00.045467+00:00 GitLab Importer Affected by VCID-7rzw-9jj5-4ybk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-8241.yml 38.0.0
2026-04-01T12:47:00.031896+00:00 GitLab Importer Affected by VCID-ah8e-sxuu-jqcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-8317.yml 38.0.0
2026-04-01T12:46:59.906465+00:00 GitLab Importer Affected by VCID-ghaf-ynsg-uuea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-8242.yml 38.0.0
2026-04-01T12:46:59.892734+00:00 GitLab Importer Affected by VCID-2b1g-gp84-87e8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-7499.yml 38.0.0
2026-04-01T12:46:59.266499+00:00 GitLab Importer Affected by VCID-6h9f-6pmg-3fh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-7941.yml 38.0.0
2026-04-01T12:46:59.240152+00:00 GitLab Importer Affected by VCID-wtxh-xxp2-d3hr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2015-7942.yml 38.0.0