6886 matches found
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.12.10 and 2.13.x, before 2.13.6, there is a NULL pointer dereferencing in the xmlPatMatch function in pattern.c...
Astra Linux - уязвимость в libxml2
A flaw was discovered in the libxml2 library. This vulnerability arises from uncontrolled resource consumption when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this vulnerability by providing malicious catalogs,...
Astra Linux - уязвимость в libxml2
The vulnerability of the xmlBuildRelativeURI function in the uri.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to cause service failures remotely...
Astra Linux - уязвимость в libxml2
The parser.c file in libxml2 before version 2.9.5 does not prevent infinite recursion in parameter entities...
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.13.8 and 2.14.x before 2.14.2, there is a issue where xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this vulnerability, a crafted XML document must be validated against an XML schema with certain identity constraints, or a...
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...
Astra Linux - уязвимость в libxml2
A use-after-free vulnerability was discovered in libxml2. This issue occurs when parsing XPath elements under certain circumstances, especially when the XML schema includes the schema element. This flaw allows a malicious actor to create a malicious XML document that can be used as input for...
Astra Linux - уязвимость в libxml2
The xmlXIncludeAddNode function in xinclude.c within libxml2, prior to version 2.11.0, has a use-after-free issue...
Astra Linux - уязвимость в libxml2
The vulnerability of the xmlFAParseQuantExact function in the xmlregexp.c component of the Libxml2 library is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в libxml2
The vulnerability of the xmlStringGetNodeList function in the tree.c component of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в colord
There are two information disclosure vulnerabilities in colord, and they reside in colord/src/cd-device-db.c and colord/src/cd-profile-db.c, respectively. These vulnerabilities exist because the 'errmsg' of 'sqlite3exec' does not get released after use, whereas libxml2 requires that the caller mu...
Astra Linux - уязвимость в libxml2
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier, as well as other products, does not provide a direct flag indicating that the current document may be read, but other files may not be opened. This makes it easier for remote attackers to carry out XML External Entity XXE attacks...
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...
Astra Linux - уязвимость в libxml2
The GNOME project’s libxml2 v2.9.10 has a global buffer over-read vulnerability in the xmlEncodeEntitiesInternal function within libxml2/entities.c. This issue has been fixed in the commit numbered 50f06b3e...
CLSA-2026-1779225366 libxml2: Fix of CVE-2022-2309
CVE-2022-2309: reset nsNr in xmlCtxtReset and htmlCtxtReset to prevent NULL pointer dereference / DoS triggered via crafted XML or HTML input reused across parser context resets...
CLSA-2026-1779215759 libxml2: Fix of CVE-2022-49043
CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...
Alibaba Cloud Linux 3 : 0104: libxml2 (ALINUX3-SA-2026:0104)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0104 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9714: Uncontrolled recursion inXPath...
RHSA-2026:15967 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...