VulnerableCode Package Details - pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3

Search for packages

Package details: pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3

Essentials
History (4)

purl	pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3
Tags	Ghost

Next non-vulnerable version	2.12.7+dfsg+really2.9.14-1
Latest non-vulnerable version	2.12.7+dfsg+really2.9.14-1
Risk	3.4

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2fyr-85vm-aaak Aliases: CVE-2023-45322	DISPUTED libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."	2.12.7+dfsg-3 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.1 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.2 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.4 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.13.3+dfsg-0exp2 Affected by 0 other vulnerabilities. 2.14.1+dfsg-0exp1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-4z87-yfha-aaaq Aliases: CVE-2023-39615	DISPUTED Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.	2.12.7+dfsg-3 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.1 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.2 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.4 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.13.3+dfsg-0exp2 Affected by 0 other vulnerabilities. 2.14.1+dfsg-0exp1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-g16k-s1p7-aaaj Aliases: CVE-2024-25062	libxml2: use-after-free in XMLReader	2.12.7+dfsg-3 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.1 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.2 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.4 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities. 2.13.3+dfsg-0exp2 Affected by 0 other vulnerabilities. 2.14.1+dfsg-0exp1 Affected by 0 other vulnerabilities. 2.14.2+dfsg-0exp1 Affected by 0 other vulnerabilities.
VCID-jwte-g6t3-aaap Aliases: CVE-2024-34459	An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.	2.12.7+dfsg-3 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.1 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.2 Affected by 0 other vulnerabilities. 2.12.7+dfsg+really2.9.14-0.4 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.12.7+dfsg+really2.9.14-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-25T20:03:27.857261+00:00	Debian Importer	Affected by	VCID-jwte-g6t3-aaap	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-25T18:03:22.616663+00:00	Debian Importer	Affected by	VCID-g16k-s1p7-aaaj	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-20T05:18:37.759918+00:00	Debian Importer	Affected by	VCID-2fyr-85vm-aaak	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-20T04:24:04.465827+00:00	Debian Importer	Affected by	VCID-4z87-yfha-aaaq	https://security-tracker.debian.org/tracker/data/json	34.0.1