VulnerableCode Package Details - pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-0.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-2fyr-85vm-aaak Aliases: CVE-2023-45322	DISPUTED libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."	2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.13.3+dfsg-0exp2 Affected by 0 other vulnerabilities. 2.14.1+dfsg-0exp1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-4z87-yfha-aaaq Aliases: CVE-2023-39615	DISPUTED Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.	2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.13.3+dfsg-0exp2 Affected by 0 other vulnerabilities. 2.14.1+dfsg-0exp1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-g16k-s1p7-aaaj Aliases: CVE-2024-25062	libxml2: use-after-free in XMLReader	2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.13.3+dfsg-0exp2 Affected by 0 other vulnerabilities. 2.14.1+dfsg-0exp1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-r1rk-6c3m-v7ga Aliases: CVE-2025-32415	In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.	2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-tcgj-5cj9-5yc9 Aliases: CVE-2025-32414	In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.	2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2fyr-85vm-aaak
Aliases:
CVE-2023-45322

** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

2.12.7+dfsg+really2.9.14-1
Affected by 0 other vulnerabilities.

2.13.3+dfsg-0exp2
Affected by 0 other vulnerabilities.

2.14.1+dfsg-0exp1
Affected by 0 other vulnerabilities.