Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/libxml2@2.9.3
purl pkg:nuget/libxml2@2.9.3
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-4gyr-nwyy-qfeq
Aliases:
CVE-2016-9597
Improper Restriction of Operations within the Bounds of a Memory Buffer It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. There are no reported fixed by versions.
VCID-bp8r-8jjt-hygw
Aliases:
CVE-2016-3705
Improper Input Validation The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. There are no reported fixed by versions.
VCID-netm-9gxh-3yh4
Aliases:
CVE-2016-4448
Use of Externally-Controlled Format String Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors. There are no reported fixed by versions.
VCID-t9pa-yw9s-kqb9
Aliases:
CVE-2016-4449
Improper Input Validation XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. There are no reported fixed by versions.
VCID-tazr-2qgq-77fy
Aliases:
CVE-2016-4447
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. There are no reported fixed by versions.
VCID-wy5v-dsp3-a7aa
Aliases:
CVE-2016-3627
Improper Input Validation The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:47:53.655557+00:00 GitLab Importer Affected by VCID-4gyr-nwyy-qfeq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-9597.yml 38.0.0
2026-04-01T12:47:04.328314+00:00 GitLab Importer Affected by VCID-netm-9gxh-3yh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4448.yml 38.0.0
2026-04-01T12:47:04.314258+00:00 GitLab Importer Affected by VCID-t9pa-yw9s-kqb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4449.yml 38.0.0
2026-04-01T12:47:04.295735+00:00 GitLab Importer Affected by VCID-tazr-2qgq-77fy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-4447.yml 38.0.0
2026-04-01T12:47:03.284666+00:00 GitLab Importer Affected by VCID-bp8r-8jjt-hygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-3705.yml 38.0.0
2026-04-01T12:47:03.219615+00:00 GitLab Importer Affected by VCID-wy5v-dsp3-a7aa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2016-3627.yml 38.0.0