Search for packages
Package details: pkg:alpm/archlinux/libxml2@2.9.13-1
purl pkg:alpm/archlinux/libxml2@2.9.13-1
Next non-vulnerable version 2.9.14-1
Latest non-vulnerable version 2.9.14-1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-n3rk-tdn9-aaaa
Aliases:
CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
2.9.14-1
Affected by 0 other vulnerabilities.
VCID-xaum-qp9b-aaae
Aliases:
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
2.9.14-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:45:15.894608+00:00 Arch Linux Importer Affected by VCID-n3rk-tdn9-aaaa https://security.archlinux.org/AVG-2726 36.0.0
2025-03-28T07:45:15.876001+00:00 Arch Linux Importer Affected by VCID-xaum-qp9b-aaae https://security.archlinux.org/AVG-2726 36.0.0
2024-09-18T02:00:11.881263+00:00 Arch Linux Importer Affected by VCID-n3rk-tdn9-aaaa https://security.archlinux.org/AVG-2726 34.0.1
2024-09-18T02:00:11.856248+00:00 Arch Linux Importer Affected by VCID-xaum-qp9b-aaae https://security.archlinux.org/AVG-2726 34.0.1
2024-01-03T22:26:26.286466+00:00 Arch Linux Importer Affected by VCID-n3rk-tdn9-aaaa https://security.archlinux.org/AVG-2726 34.0.0rc1
2024-01-03T22:26:26.267653+00:00 Arch Linux Importer Affected by VCID-xaum-qp9b-aaae https://security.archlinux.org/AVG-2726 34.0.0rc1