purl | pkg:conan/libxml2@2.9.13 |
Tags | Ghost |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-2fyr-85vm-aaak Aliases: CVE-2023-45322 | ** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." | Affected by 1 other vulnerability. |
VCID-3q3t-625m-aaak Aliases: CVE-2023-28484 | NULL Pointer Dereference: In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | Affected by 3 other vulnerabilities. |
VCID-4z87-yfha-aaaq Aliases: CVE-2023-39615 | ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
VCID-b8ge-qb4s-aaad Aliases: CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | Affected by 5 other vulnerabilities. |
VCID-fke8-gpzm-aaad Aliases: CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | Affected by 5 other vulnerabilities. |
VCID-wunb-embq-aaaq Aliases: CVE-2023-29469 | Double Free: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | Affected by 3 other vulnerabilities. |
VCID-xaum-qp9b-aaae Aliases: CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | Affected by 7 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-09-17T22:48:08.541339+00:00 | GitLab Importer | Fixing | VCID-n3rk-tdn9-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-23308.yml | 34.0.1 |
2024-01-10T05:16:57.228925+00:00 | GitLab Importer | Affected by | VCID-2fyr-85vm-aaak | None | 34.0.0rc2 |
2024-01-10T05:16:06.631732+00:00 | GitLab Importer | Affected by | VCID-4z87-yfha-aaaq | None | 34.0.0rc2 |
2024-01-10T05:16:06.510701+00:00 | GitLab Importer | Affected by | VCID-4z87-yfha-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2023-39615.yml | 34.0.0rc2 |
2024-01-10T05:13:15.515469+00:00 | GitLab Importer | Affected by | VCID-wunb-embq-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2023-29469.yml | 34.0.0rc2 |
2024-01-10T05:13:11.948170+00:00 | GitLab Importer | Affected by | VCID-wunb-embq-aaaq | None | 34.0.0rc2 |
2024-01-10T05:13:04.034878+00:00 | GitLab Importer | Affected by | VCID-3q3t-625m-aaak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2023-28484.yml | 34.0.0rc2 |
2024-01-10T05:13:03.916638+00:00 | GitLab Importer | Affected by | VCID-3q3t-625m-aaak | None | 34.0.0rc2 |
2024-01-10T05:07:57.964443+00:00 | GitLab Importer | Affected by | VCID-b8ge-qb4s-aaad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-40304.yml | 34.0.0rc2 |
2024-01-10T05:07:57.527846+00:00 | GitLab Importer | Affected by | VCID-b8ge-qb4s-aaad | None | 34.0.0rc2 |
2024-01-10T05:07:47.602025+00:00 | GitLab Importer | Affected by | VCID-fke8-gpzm-aaad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-40303.yml | 34.0.0rc2 |
2024-01-10T05:07:41.475503+00:00 | GitLab Importer | Affected by | VCID-fke8-gpzm-aaad | None | 34.0.0rc2 |
2024-01-10T05:03:50.426133+00:00 | GitLab Importer | Affected by | VCID-xaum-qp9b-aaae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-29824.yml | 34.0.0rc2 |
2024-01-10T05:03:50.109020+00:00 | GitLab Importer | Affected by | VCID-xaum-qp9b-aaae | None | 34.0.0rc2 |
2024-01-10T04:59:36.826251+00:00 | GitLab Importer | Fixing | VCID-n3rk-tdn9-aaaa | None | 34.0.0rc2 |
2024-01-10T04:59:27.626404+00:00 | GitLab Importer | Fixing | VCID-n3rk-tdn9-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-23308.yml | 34.0.0rc2 |
2024-01-03T22:04:47.307557+00:00 | GitLab Importer | Affected by | VCID-2fyr-85vm-aaak | None | 34.0.0rc1 |
2024-01-03T22:03:57.157933+00:00 | GitLab Importer | Affected by | VCID-4z87-yfha-aaaq | None | 34.0.0rc1 |
2024-01-03T22:03:57.035982+00:00 | GitLab Importer | Affected by | VCID-4z87-yfha-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2023-39615.yml | 34.0.0rc1 |
2024-01-03T22:01:01.828920+00:00 | GitLab Importer | Affected by | VCID-wunb-embq-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2023-29469.yml | 34.0.0rc1 |
2024-01-03T22:00:58.382278+00:00 | GitLab Importer | Affected by | VCID-wunb-embq-aaaq | None | 34.0.0rc1 |
2024-01-03T22:00:50.392505+00:00 | GitLab Importer | Affected by | VCID-3q3t-625m-aaak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2023-28484.yml | 34.0.0rc1 |
2024-01-03T22:00:50.278880+00:00 | GitLab Importer | Affected by | VCID-3q3t-625m-aaak | None | 34.0.0rc1 |
2024-01-03T21:55:42.446583+00:00 | GitLab Importer | Affected by | VCID-b8ge-qb4s-aaad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-40304.yml | 34.0.0rc1 |
2024-01-03T21:55:42.109705+00:00 | GitLab Importer | Affected by | VCID-b8ge-qb4s-aaad | None | 34.0.0rc1 |
2024-01-03T21:55:32.291032+00:00 | GitLab Importer | Affected by | VCID-fke8-gpzm-aaad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-40303.yml | 34.0.0rc1 |
2024-01-03T21:55:26.162400+00:00 | GitLab Importer | Affected by | VCID-fke8-gpzm-aaad | None | 34.0.0rc1 |
2024-01-03T21:51:34.491999+00:00 | GitLab Importer | Affected by | VCID-xaum-qp9b-aaae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-29824.yml | 34.0.0rc1 |
2024-01-03T21:51:34.164726+00:00 | GitLab Importer | Affected by | VCID-xaum-qp9b-aaae | None | 34.0.0rc1 |
2024-01-03T21:47:22.397685+00:00 | GitLab Importer | Fixing | VCID-n3rk-tdn9-aaaa | None | 34.0.0rc1 |
2024-01-03T18:09:12.824737+00:00 | GitLab Importer | Fixing | VCID-n3rk-tdn9-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libxml2/CVE-2022-23308.yml | 34.0.0rc1 |