Search for packages
| purl | pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4 |
| Next non-vulnerable version | 2.9.14+dfsg-1.3~deb12u3 |
| Latest non-vulnerable version | 2.9.14+dfsg-1.3~deb12u3 |
| Risk | 4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3mkc-h7u6-6beh
Aliases: CVE-2025-49796 |
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3zy6-h7hv-1yhr
Aliases: CVE-2025-6021 |
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-6h1b-etzt-juap
Aliases: CVE-2025-49794 |
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-6s1u-2xvj-vkbz
Aliases: CVE-2025-32415 |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
Affected by 4 other vulnerabilities. |
|
VCID-9r6n-66y4-3be2
Aliases: CVE-2025-6170 |
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9ym4-6av7-aqe3
Aliases: CVE-2022-2309 GHSA-wrxv-2j5q-m38w PYSEC-2022-230 |
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. |
Affected by 4 other vulnerabilities. |
|
VCID-bbv4-xhu4-5fhd
Aliases: CVE-2023-45322 |
Use After Free This advisory has been marked as False Positive and removed. |
Affected by 4 other vulnerabilities. |
|
VCID-bzfw-1axb-wqcc
Aliases: CVE-2022-49043 |
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
Affected by 4 other vulnerabilities. |
|
VCID-d5gp-ggk5-mkh5
Aliases: CVE-2023-39615 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. |
Affected by 4 other vulnerabilities. |
|
VCID-e7ny-dgdx-wqhb
Aliases: CVE-2025-32414 |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. |
Affected by 4 other vulnerabilities. |
|
VCID-fff8-g5p5-uba1
Aliases: CVE-2024-56171 |
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
Affected by 4 other vulnerabilities. |
|
VCID-h8dr-ab5d-e7f4
Aliases: CVE-2025-27113 |
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. |
Affected by 4 other vulnerabilities. |
|
VCID-s24p-gfz1-d7cs
Aliases: CVE-2025-24928 |
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. |
Affected by 4 other vulnerabilities. |
|
VCID-uhs1-t4hc-jqdk
Aliases: CVE-2016-3709 |
Possible cross-site scripting vulnerability in libxml after commit 960f0e2. |
Affected by 4 other vulnerabilities. |
|
VCID-x4wq-q8ae-kff2
Aliases: CVE-2024-25062 |
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. |
Affected by 4 other vulnerabilities. |
|
VCID-zxp8-ej4m-cban
Aliases: CVE-2024-34459 |
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1tg8-f975-q3b9 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. |
CVE-2022-40304
|
| VCID-3kn4-5bk5-7bht | libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2, and released this as v1.10.8 CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions <= v1.10.7 are vulnerable. |
CVE-2020-7595
GHSA-7553-jr98-vx47 |
| VCID-7745-ahpk-7ub6 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. |
CVE-2019-19956
|
| VCID-b7e6-kts2-7yhq | Nokogiri Implements libxml2 version vulnerable to use-after-free There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. |
CVE-2021-3518
GHSA-v4f8-2847-rwm7 |
| VCID-bpwu-gpw3-qkcp | Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Nokogiri 1.8.5 has been released. This is a security and bugfix release. It addresses two CVEs in upstream libxml2 rated as "medium" by Red Hat, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether they've patched this (Canonical has patched Ubuntu packages). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. Full details about the security update are available in Github Issue #1785. [#1785]: https://github.com/sparklemotion/nokogiri/issues/1785 ----- [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in #1785. Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. ----- CVE-2018-14404 Permalink: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14404.html Description: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application Canonical rates this vulnerability as "Priority: Medium" ----- CVE-2018-14567 Permalink: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14567.html Description: infinite loop in LZMA decompression Canonical rates this vulnerability as "Priority: Medium" |
CVE-2018-14404
GHSA-6qvp-r6r3-9p7h |
| VCID-ftr9-5h71-z3et | Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. |
CVE-2021-3537
GHSA-286v-pcf5-25rc |
| VCID-ge3f-yxqu-5fe1 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. |
CVE-2021-3516
|
| VCID-kt4k-xgcs-zkge | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. |
CVE-2018-14567
|
| VCID-mx2v-pgx9-w3cp | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. |
CVE-2022-40303
|
| VCID-p2vf-ezg6-xkfy | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. |
CVE-2022-29824
|
| VCID-qcfr-u9jt-1fex | Nokogiri gem, via libxml, is affected by DoS vulnerabilities The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.5. Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. |
CVE-2017-16932
GHSA-x2fm-93ww-ggvx |
| VCID-t2s3-2ehw-zkfu | Nokogiri contains libxml Out-of-bounds Write vulnerability There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Nokogiri prior to version 1.11.4 used a vulnerable version of libxml2. Nokogiri 1.11.4 updated libxml2 to version 2.9.11 to address this and other vulnerabilities in libxml2. |
CVE-2021-3517
GHSA-jw9f-hh49-cvp9 |
| VCID-uycx-qnb8-j3ax | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. |
CVE-2023-28484
|
| VCID-w2vx-75ad-cqc4 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. |
CVE-2020-24977
|
| VCID-xg4b-67a2-xfe9 |
CVE-2016-9318
|
|
| VCID-xpfw-8p6z-jucb | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. |
CVE-2019-20388
|
| VCID-y36w-m9px-c7c7 | Moderate severity vulnerability that affects nokogiri The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. References: - https://nvd.nist.gov/vuln/detail/CVE-2017-18258 - https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb - https://github.com/advisories/GHSA-882p-jqgm-f45g - https://kc.mcafee.com/corporate/index?page=content&id=SB10284 - https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html - https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html - https://security.netapp.com/advisory/ntap-20190719-0001/ - https://usn.ubuntu.com/3739-1/ |
CVE-2017-18258
GHSA-882p-jqgm-f45g |
| VCID-ypxg-52f8-gqe9 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
CVE-2022-23308
|
| VCID-z6qn-rugu-97eb | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. |
CVE-2021-3541
|
| VCID-zdd1-bz8t-rffx | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). |
CVE-2023-29469
|