VulnerableCode Package Details - pkg:alpm/archlinux/libxml2@2.9.10-6

Search for packages

Package details: pkg:alpm/archlinux/libxml2@2.9.10-6

Essentials
History (3)

purl	pkg:alpm/archlinux/libxml2@2.9.10-6

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-3kn4-5bk5-7bht	libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2, and released this as v1.10.8 CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions <= v1.10.7 are vulnerable.	CVE-2020-7595 GHSA-7553-jr98-vx47
VCID-w2vx-75ad-cqc4	GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.	CVE-2020-24977
VCID-xpfw-8p6z-jucb	xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.	CVE-2019-20388

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T11:38:10.412922+00:00	Arch Linux Importer	Fixing	VCID-xpfw-8p6z-jucb	https://security.archlinux.org/AVG-1263	37.0.0
2025-07-31T11:38:10.383927+00:00	Arch Linux Importer	Fixing	VCID-w2vx-75ad-cqc4	https://security.archlinux.org/AVG-1263	37.0.0
2025-07-31T11:38:10.355205+00:00	Arch Linux Importer	Fixing	VCID-3kn4-5bk5-7bht	https://security.archlinux.org/AVG-1263	37.0.0