612 matches found
K000152952: libxml2 vulnerability CVE-2025-6021
Security Advisory Description A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. CVE-2025-6021 Impact...
Linux Distros Unpatched Vulnerability : CVE-2024-40896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers t...
CVE-2025-8732
A flaw was found in libxml2. The xmlParseSGMLCatalog function within the xmlcatalog component exhibits uncontrolled recursion when processing a specially crafted catalog file. A local attacker can trigger this recursive behavior, which can lead to an application level denial of service. Mitigatio...
Linux Distros Unpatched Vulnerability : CVE-2025-6021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue...
K000152930: libxml2 vulnerability CVE-2025-24928
Security Advisory Description libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. CVE-2025-24928 Impact...
CVE-2025-8732
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...
CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...
CVE-2025-8732
CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...
libxml2 安全漏洞
libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.14.5 and earlier, which stems from an uncontrolled recursion problem...
PT-2025-32375
Name of the Vulnerable Software and Affected Versions libxml2 versions up to 2.14.5 Description A vulnerability exists in libxml2 related to uncontrolled recursion within the xmlParseSGMLCatalog function of the xmlcatalog component. The issue can be triggered with untrusted SGML catalogs. The...
AlmaLinux 9 : libxml2 (ALSA-2025:13428)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13428 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providin...
ROS-20250807-01
A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a stacked buffer overflow. Exploitation The vulnerability could allow a remote attacker to cause a denial of service...
RHEL 9 : libxml2 (RHSA-2025:13314)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13314 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: Heap Use-After-Free in...
RHEL 9 : libxml2 (RHSA-2025:13309)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13309 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: Heap Use-After-Free in...
RHEL 9 : libxml2 (RHSA-2025:13312)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13312 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: Heap Use-After-Free in...
RHEL 10 : libxml2 (RHSA-2025:13429)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13429 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-Bounds...
CentOS 9 : libxml2-2.9.13-12.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libxml2-2.9.13-12.el9 build changelog. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To...
RHEL 9 : libxml2 (RHSA-2025:13428)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13428 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-Bounds...
Advisory ROSA-SA-2025-2937
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-9 affected versions libxml2-2.9.14-9 CVE-ID: CVE-2025-32414 BDU-ID: 2025-05199 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Python API component of the libxml2 library involves incorrect validation of the return val...
ROS-20250806-06
Vulnerability in the libxml2 XML file parsing library is related to boundary checking errors in the shell xmllint - shell.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...