Package details: pkg:rpm/redhat/libxml2@2.7.6-21.el6_8?arch=1
purl pkg:rpm/redhat/libxml2@2.7.6-21.el6_8?arch=1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-51f2-w9b7-9fb4
Aliases:
CVE-2016-1840
Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
There are no reported fixed by versions.
VCID-7h3p-7ej2-17f1
Aliases:
CVE-2016-1839
Out-of-bounds Read
The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
There are no reported fixed by versions.
VCID-bk98-bfkg-7bdt
Aliases:
CVE-2016-1836
Use After Free
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document.
There are no reported fixed by versions.
VCID-bp8r-8jjt-hygw
Aliases:
CVE-2016-3705
Improper Input Validation
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
There are no reported fixed by versions.
VCID-e9c3-5gws-u3fp
Aliases:
CVE-2016-1837
Use After Free
Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allow remote attackers to cause a denial of service via a crafted XML document.
There are no reported fixed by versions.
VCID-eebz-xjem-cygz
Aliases:
CVE-2016-1834
Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlStrncat function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
There are no reported fixed by versions.
VCID-ked7-5tjg-nudx
Aliases:
CVE-2016-1762
Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
There are no reported fixed by versions.
VCID-netm-9gxh-3yh4
Aliases:
CVE-2016-4448
Use of Externally-Controlled Format String
Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
There are no reported fixed by versions.
VCID-r7q9-7u4b-83cz
Aliases:
CVE-2016-1833
Out-of-bounds Read
The htmlCurrentChar function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
There are no reported fixed by versions.
VCID-t9pa-yw9s-kqb9
Aliases:
CVE-2016-4449
Improper Input Validation
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
There are no reported fixed by versions.
VCID-tazr-2qgq-77fy
Aliases:
CVE-2016-4447
Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
There are no reported fixed by versions.
VCID-vcq9-93xd-nfbe
Aliases:
CVE-2016-1838
Out-of-bounds Read
The xmlParserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
There are no reported fixed by versions.
VCID-wj66-7n6c-9kam
Aliases:
CVE-2016-1835
security update
There are no reported fixed by versions.
VCID-wy5v-dsp3-a7aa
Aliases:
CVE-2016-3627
Improper Input Validation
The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:38:46.870454+00:00 RedHat Importer Affected by VCID-r7q9-7u4b-83cz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1833.json 38.0.0
2026-04-01T14:37:32.381627+00:00 RedHat Importer Affected by VCID-wy5v-dsp3-a7aa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3627.json 38.0.0
2026-04-01T14:36:44.118427+00:00 RedHat Importer Affected by VCID-bp8r-8jjt-hygw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3705.json 38.0.0
2026-04-01T14:36:31.332626+00:00 RedHat Importer Affected by VCID-ked7-5tjg-nudx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1762.json 38.0.0
2026-04-01T14:36:31.294663+00:00 RedHat Importer Affected by VCID-eebz-xjem-cygz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1834.json 38.0.0
2026-04-01T14:36:31.253539+00:00 RedHat Importer Affected by VCID-51f2-w9b7-9fb4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1840.json 38.0.0
2026-04-01T14:36:31.210472+00:00 RedHat Importer Affected by VCID-vcq9-93xd-nfbe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1838.json 38.0.0
2026-04-01T14:36:31.169666+00:00 RedHat Importer Affected by VCID-7h3p-7ej2-17f1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1839.json 38.0.0
2026-04-01T14:36:31.128729+00:00 RedHat Importer Affected by VCID-bk98-bfkg-7bdt https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1836.json 38.0.0
2026-04-01T14:36:31.086420+00:00 RedHat Importer Affected by VCID-t9pa-yw9s-kqb9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4449.json 38.0.0
2026-04-01T14:36:31.050451+00:00 RedHat Importer Affected by VCID-netm-9gxh-3yh4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4448.json 38.0.0
2026-04-01T14:36:31.013850+00:00 RedHat Importer Affected by VCID-e9c3-5gws-u3fp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1837.json 38.0.0
2026-04-01T14:36:30.976009+00:00 RedHat Importer Affected by VCID-wj66-7n6c-9kam https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1835.json 38.0.0
2026-04-01T14:36:30.939426+00:00 RedHat Importer Affected by VCID-tazr-2qgq-77fy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4447.json 38.0.0