Package details: pkg:rpm/redhat/libxml2@2.9.1-6.el7?arch=4
purl pkg:rpm/redhat/libxml2@2.9.1-6.el7?arch=4
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-3s4n-twju-b3dw
Aliases: CVE-2015-8035
Summary: Uncontrolled Resource Consumption. The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Fixed by: There are no reported fixed by versions.

VCID-9q49-2srz-rkg7
Aliases: CVE-2016-5131
Summary: Use After Free. Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Fixed by: There are no reported fixed by versions.

VCID-bejh-22y7-kuh6
Aliases: CVE-2018-14404, GHSA-6qvp-r6r3-9p7h
Summary: NULL Pointer Dereference. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
Fixed by: There are no reported fixed by versions.

VCID-t53m-6vvr-27cf
Aliases: CVE-2018-14567
Summary: Loop with Unreachable Exit Condition ('Infinite Loop'). libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Fixed by: There are no reported fixed by versions.

VCID-tn87-vke6-kuf6
Aliases: CVE-2017-15412, GHSA-r58r-74gx-6wx3
Summary: Use After Free. Use after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Fixed by: There are no reported fixed by versions.

VCID-wc4g-sxyq-ubcd
Aliases: CVE-2017-18258, GHSA-882p-jqgm-f45g
Summary: Allocation of Resources Without Limits or Throttling. The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Fixed by: There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-01T14:39:27.551173+00:00 | RedHat Importer | Affected by | VCID-3s4n-twju-b3dw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json | 38.0.0
2026-04-01T14:35:50.549787+00:00 | RedHat Importer | Affected by | VCID-9q49-2srz-rkg7 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json | 38.0.0
2026-04-01T14:28:56.296542+00:00 | RedHat Importer | Affected by | VCID-wc4g-sxyq-ubcd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json | 38.0.0
2026-04-01T14:26:56.121853+00:00 | RedHat Importer | Affected by | VCID-tn87-vke6-kuf6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json | 38.0.0
2026-04-01T14:25:33.537960+00:00 | RedHat Importer | Affected by | VCID-t53m-6vvr-27cf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json | 38.0.0
2026-04-01T14:23:55.066247+00:00 | RedHat Importer | Affected by | VCID-bejh-22y7-kuh6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json | 38.0.0