Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/libxml2@2.7.6-20.el6_7?arch=1
purl pkg:rpm/redhat/libxml2@2.7.6-20.el6_7?arch=1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.4
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-2b1g-gp84-87e8
Aliases:
CVE-2015-7499
GHSA-jxjr-5h69-qw3w
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. There are no reported fixed by versions.
VCID-33n1-125n-63h6
Aliases:
CVE-2015-7500
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. There are no reported fixed by versions.
VCID-3d1e-enaq-q3cx
Aliases:
CVE-2015-7497
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors. There are no reported fixed by versions.
VCID-6h9f-6pmg-3fh3
Aliases:
CVE-2015-7941
Improper Restriction of Operations within the Bounds of a Memory Buffer libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. There are no reported fixed by versions.
VCID-7rzw-9jj5-4ybk
Aliases:
CVE-2015-8241
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. There are no reported fixed by versions.
VCID-9p2f-ynzb-r3gj
Aliases:
CVE-2015-5312
GHSA-xjqg-9jvg-fgx2
Vulnerabilities in libxml2 Several vulnerabilities were discovered in the libxml2 library that this package gem depends on. There are no reported fixed by versions.
VCID-ah8e-sxuu-jqcw
Aliases:
CVE-2015-8317
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseXMLDecl function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. There are no reported fixed by versions.
VCID-cgfv-pps6-6khd
Aliases:
CVE-2015-8710
Improper Restriction of Operations within the Bounds of a Memory Buffer The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. There are no reported fixed by versions.
VCID-ghaf-ynsg-uuea
Aliases:
CVE-2015-8242
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. There are no reported fixed by versions.
VCID-gxsm-qvkt-gygy
Aliases:
CVE-2015-7498
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. There are no reported fixed by versions.
VCID-wtxh-xxp2-d3hr
Aliases:
CVE-2015-7942
Improper Restriction of Operations within the Bounds of a Memory Buffer The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:43:10.374654+00:00 RedHat Importer Affected by VCID-6h9f-6pmg-3fh3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7941.json 38.0.0
2026-04-01T14:41:30.661619+00:00 RedHat Importer Affected by VCID-cgfv-pps6-6khd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8710.json 38.0.0
2026-04-01T14:40:35.589801+00:00 RedHat Importer Affected by VCID-ah8e-sxuu-jqcw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8317.json 38.0.0
2026-04-01T14:39:58.252765+00:00 RedHat Importer Affected by VCID-7rzw-9jj5-4ybk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8241.json 38.0.0
2026-04-01T14:39:57.876771+00:00 RedHat Importer Affected by VCID-ghaf-ynsg-uuea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8242.json 38.0.0
2026-04-01T14:39:27.933262+00:00 RedHat Importer Affected by VCID-wtxh-xxp2-d3hr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7942.json 38.0.0
2026-04-01T14:38:45.844509+00:00 RedHat Importer Affected by VCID-33n1-125n-63h6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7500.json 38.0.0
2026-04-01T14:38:45.797231+00:00 RedHat Importer Affected by VCID-2b1g-gp84-87e8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json 38.0.0
2026-04-01T14:38:45.757247+00:00 RedHat Importer Affected by VCID-gxsm-qvkt-gygy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7498.json 38.0.0
2026-04-01T14:38:45.716712+00:00 RedHat Importer Affected by VCID-3d1e-enaq-q3cx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7497.json 38.0.0
2026-04-01T14:38:45.678795+00:00 RedHat Importer Affected by VCID-9p2f-ynzb-r3gj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json 38.0.0