Search for packages
| purl | pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u1 |
| Next non-vulnerable version | 2.12.7+dfsg+really2.9.14-1 |
| Latest non-vulnerable version | 2.12.7+dfsg+really2.9.14-1 |
| Risk | 3.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2fyr-85vm-aaak
Aliases: CVE-2023-45322 |
** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4kh8-6c5m-sycp
Aliases: CVE-2022-49043 |
libxml: use-after-free in xmlXIncludeAddNode |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4z87-yfha-aaaq
Aliases: CVE-2023-39615 |
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fv91-qz3t-mbhe
Aliases: CVE-2024-56171 |
libxml2: Use-After-Free in libxml2 |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-g16k-s1p7-aaaj
Aliases: CVE-2024-25062 |
libxml2: use-after-free in XMLReader |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hwbg-k6j9-73ay
Aliases: CVE-2025-24928 |
libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-jwte-g6t3-aaap
Aliases: CVE-2024-34459 |
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-r1rk-6c3m-v7ga
Aliases: CVE-2025-32415 |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tcgj-5cj9-5yc9
Aliases: CVE-2025-32414 |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wyr5-ekxy-cqfy
Aliases: CVE-2025-27113 |
libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2fyr-85vm-aaak | ** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." |
CVE-2023-45322
|
| VCID-4kh8-6c5m-sycp | libxml: use-after-free in xmlXIncludeAddNode |
CVE-2022-49043
|
| VCID-4z87-yfha-aaaq | ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. |
CVE-2023-39615
|
| VCID-8j39-d27x-aaaa | Possible cross-site scripting vulnerability in libxml after commit 960f0e2. |
CVE-2016-3709
|
| VCID-fv91-qz3t-mbhe | libxml2: Use-After-Free in libxml2 |
CVE-2024-56171
|
| VCID-g16k-s1p7-aaaj | libxml2: use-after-free in XMLReader |
CVE-2024-25062
|
| VCID-gufu-nks1-aaag | NULL Pointer Dereference in lxml |
CVE-2022-2309
GHSA-wrxv-2j5q-m38w PYSEC-2022-230 |
| VCID-hwbg-k6j9-73ay | libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 |
CVE-2025-24928
|
| VCID-r1rk-6c3m-v7ga | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
CVE-2025-32415
|
| VCID-tcgj-5cj9-5yc9 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. |
CVE-2025-32414
|
| VCID-wyr5-ekxy-cqfy | libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch |
CVE-2025-27113
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T09:52:17.650144+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 36.1.3 |
| 2025-06-22T03:03:58.016668+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | None | 36.1.3 |
| 2025-06-22T02:14:12.801268+00:00 | Debian Importer | Affected by | VCID-tcgj-5cj9-5yc9 | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-22T00:45:42.278362+00:00 | Debian Importer | Affected by | VCID-wyr5-ekxy-cqfy | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T19:34:30.402359+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T09:42:24.288618+00:00 | Debian Importer | Affected by | VCID-2fyr-85vm-aaak | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T02:28:33.970225+00:00 | Debian Importer | Affected by | VCID-fv91-qz3t-mbhe | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T00:42:30.069144+00:00 | Debian Importer | Affected by | VCID-hwbg-k6j9-73ay | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T00:24:02.967704+00:00 | Debian Importer | Affected by | VCID-g16k-s1p7-aaaj | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T23:56:52.201446+00:00 | Debian Importer | Affected by | VCID-jwte-g6t3-aaap | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T23:08:49.186172+00:00 | Debian Importer | Affected by | VCID-r1rk-6c3m-v7ga | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T21:43:02.650410+00:00 | Debian Importer | Affected by | VCID-4z87-yfha-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T21:37:38.918156+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-05-06T18:45:30.284488+00:00 | Debian Oval Importer | Fixing | VCID-tcgj-5cj9-5yc9 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-05-06T18:45:26.429434+00:00 | Debian Oval Importer | Fixing | VCID-r1rk-6c3m-v7ga | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-05-04T23:04:58.773857+00:00 | Debian Importer | Affected by | VCID-tcgj-5cj9-5yc9 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-03T01:08:52.052947+00:00 | Debian Importer | Affected by | VCID-r1rk-6c3m-v7ga | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-13T03:14:36.340835+00:00 | Debian Oval Importer | Fixing | VCID-4z87-yfha-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T03:12:39.242953+00:00 | Debian Oval Importer | Fixing | VCID-fv91-qz3t-mbhe | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T03:12:11.699567+00:00 | Debian Oval Importer | Fixing | VCID-2fyr-85vm-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T03:11:16.563335+00:00 | Debian Oval Importer | Fixing | VCID-hwbg-k6j9-73ay | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T03:01:03.745217+00:00 | Debian Oval Importer | Fixing | VCID-wyr5-ekxy-cqfy | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:55:03.099594+00:00 | Debian Oval Importer | Fixing | VCID-4kh8-6c5m-sycp | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:52:18.736813+00:00 | Debian Oval Importer | Fixing | VCID-g16k-s1p7-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:16.669177+00:00 | Debian Oval Importer | Fixing | VCID-8j39-d27x-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:57:36.266676+00:00 | Debian Oval Importer | Fixing | VCID-gufu-nks1-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-06T18:16:02.642667+00:00 | Debian Importer | Affected by | VCID-4kh8-6c5m-sycp | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-06T03:15:28.176630+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 36.0.0 |
| 2025-04-05T22:18:52.756937+00:00 | Debian Importer | Affected by | VCID-fv91-qz3t-mbhe | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T21:25:10.876783+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | None | 36.0.0 |
| 2025-04-05T19:40:47.739714+00:00 | Debian Importer | Affected by | VCID-wyr5-ekxy-cqfy | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T15:45:03.019014+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T06:59:09.214981+00:00 | Debian Importer | Affected by | VCID-2fyr-85vm-aaak | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T06:56:09.843981+00:00 | Debian Importer | Affected by | VCID-g16k-s1p7-aaaj | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T03:25:33.337967+00:00 | Debian Importer | Affected by | VCID-hwbg-k6j9-73ay | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T02:38:26.263335+00:00 | Debian Importer | Affected by | VCID-jwte-g6t3-aaap | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T00:20:27.947647+00:00 | Debian Importer | Affected by | VCID-4z87-yfha-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T00:14:56.727494+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-02-21T22:09:40.151572+00:00 | Debian Importer | Affected by | VCID-jwte-g6t3-aaap | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T18:44:47.059124+00:00 | Debian Importer | Affected by | VCID-g16k-s1p7-aaaj | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T14:15:47.782801+00:00 | Debian Importer | Affected by | VCID-2fyr-85vm-aaak | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T12:57:14.728069+00:00 | Debian Importer | Affected by | VCID-4z87-yfha-aaaq | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-20T17:49:26.611331+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | None | 35.1.0 |
| 2025-02-20T17:49:23.746144+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-18T17:21:58.121101+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-18T17:21:56.676149+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 35.1.0 |
| 2024-11-24T09:44:11.317781+00:00 | Debian Importer | Affected by | VCID-jwte-g6t3-aaap | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-24T07:10:44.192370+00:00 | Debian Importer | Affected by | VCID-g16k-s1p7-aaaj | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-24T03:14:39.201478+00:00 | Debian Importer | Affected by | VCID-2fyr-85vm-aaak | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-24T02:09:58.634393+00:00 | Debian Importer | Affected by | VCID-4z87-yfha-aaaq | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-21T15:18:56.342106+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-21T15:18:54.891826+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 35.0.0 |
| 2024-11-19T14:45:22.510255+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.3.2 |
| 2024-11-19T14:45:21.098532+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 34.3.2 |
| 2024-10-11T05:56:50.331165+00:00 | Debian Importer | Affected by | VCID-jwte-g6t3-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-11T03:51:12.915473+00:00 | Debian Importer | Affected by | VCID-g16k-s1p7-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-11T00:40:31.799324+00:00 | Debian Importer | Affected by | VCID-2fyr-85vm-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-10T23:47:47.535531+00:00 | Debian Importer | Affected by | VCID-4z87-yfha-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-08T16:11:23.542496+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-08T16:11:22.127863+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 34.0.2 |
| 2024-09-25T20:03:27.851590+00:00 | Debian Importer | Affected by | VCID-jwte-g6t3-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-25T18:03:22.611083+00:00 | Debian Importer | Affected by | VCID-g16k-s1p7-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-20T05:18:37.754587+00:00 | Debian Importer | Affected by | VCID-2fyr-85vm-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-20T04:24:04.458142+00:00 | Debian Importer | Affected by | VCID-4z87-yfha-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-18T04:58:49.181551+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-18T04:58:47.828307+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 34.0.1 |
| 2024-04-25T12:22:08.072696+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T12:22:01.424323+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | None | 34.0.0rc4 |
| 2024-04-24T10:11:38.693496+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T10:11:34.158993+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 34.0.0rc4 |
| 2024-01-11T14:15:37.975511+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T14:15:33.046952+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | None | 34.0.0rc2 |
| 2024-01-10T11:58:20.003239+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T11:58:01.905827+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 34.0.0rc2 |
| 2024-01-04T23:47:00.549945+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T23:46:56.214167+00:00 | Debian Importer | Fixing | VCID-gufu-nks1-aaag | None | 34.0.0rc1 |
| 2024-01-04T03:52:41.742464+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T03:52:37.727681+00:00 | Debian Importer | Fixing | VCID-8j39-d27x-aaaa | None | 34.0.0rc1 |