Filtered by vendor Xmlsoft
Subscriptions
Filtered by product Libxml2
Subscriptions
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6170 | 2 Redhat, Xmlsoft | 5 Enterprise Linux, Jboss Core Services, Openshift and 2 more | 2025-11-07 | 2.5 Low |
| A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. | ||||
| CVE-2024-34459 | 1 Xmlsoft | 2 Libxml2, Xmllint | 2025-11-04 | 7.5 High |
| An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. | ||||
| CVE-2022-2309 | 4 Fedoraproject, Lxml, Redhat and 1 more | 4 Fedora, Lxml, Enterprise Linux and 1 more | 2025-11-04 | 7.5 High |
| NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | ||||
| CVE-2025-27113 | 1 Xmlsoft | 1 Libxml2 | 2025-11-03 | 2.9 Low |
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. | ||||
| CVE-2025-24928 | 3 Netapp, Redhat, Xmlsoft | 28 Active Iq Unified Manager, H300s, H300s Firmware and 25 more | 2025-11-03 | 7.8 High |
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | ||||
| CVE-2024-25062 | 2 Redhat, Xmlsoft | 4 Enterprise Linux, Jboss Core Services, Rhel Eus and 1 more | 2025-11-03 | 7.5 High |
| An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | ||||
| CVE-2024-56171 | 3 Netapp, Redhat, Xmlsoft | 28 Active Iq Unified Manager, H300s, H300s Firmware and 25 more | 2025-11-03 | 7.8 High |
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | ||||
| CVE-2023-45322 | 1 Xmlsoft | 1 Libxml2 | 2025-11-03 | 6.5 Medium |
| libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." | ||||
| CVE-2023-39615 | 2 Redhat, Xmlsoft | 6 Enterprise Linux, Jboss Core Services, Openshift and 3 more | 2025-11-03 | 6.5 Medium |
| Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | ||||
| CVE-2022-49043 | 2 Redhat, Xmlsoft | 6 Discovery, Enterprise Linux, Openshift and 3 more | 2025-11-03 | 8.1 High |
| xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | ||||
| CVE-2025-32415 | 1 Xmlsoft | 1 Libxml2 | 2025-11-03 | 2.9 Low |
| In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | ||||
| CVE-2025-32414 | 2 Redhat, Xmlsoft | 2 Enterprise Linux, Libxml2 | 2025-11-03 | 5.6 Medium |
| In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. | ||||
| CVE-2025-9714 | 2 Gnome, Xmlsoft | 2 Libxml2, Libxml2 | 2025-11-03 | 6.2 Medium |
| Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled. | ||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 29 Discovery, Enterprise Linux, Enterprise Linux Eus and 26 more | 2025-10-27 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2023-28484 | 3 Debian, Redhat, Xmlsoft | 5 Debian Linux, Enterprise Linux, Jboss Core Services and 2 more | 2025-05-30 | 6.5 Medium |
| In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | ||||
| CVE-2022-23308 | 7 Apple, Debian, Fedoraproject and 4 more | 46 Ipados, Iphone Os, Mac Os X and 43 more | 2025-05-05 | 7.5 High |
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | ||||
| CVE-2022-40303 | 4 Apple, Netapp, Redhat and 1 more | 25 Ipados, Iphone Os, Macos and 22 more | 2025-04-29 | 7.5 High |
| An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | ||||
| CVE-2022-40304 | 4 Apple, Netapp, Redhat and 1 more | 25 Ipados, Iphone Os, Macos and 22 more | 2025-04-28 | 7.8 High |
| An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | ||||
| CVE-2017-16931 | 1 Xmlsoft | 1 Libxml2 | 2025-04-20 | N/A |
| parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. | ||||
| CVE-2017-9049 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-04-20 | N/A |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. | ||||