Libxml: type confusion leads to denial of service (dos)

...

The vulnerability of the `xmlSchematronGetNode` function in the Libxml2 library allows a attacker to trigger a service failure.

The vulnerability of the xmlSchematronGetNode function in the Libxml2 library is related to the pointer being dereferenced when its validity period has expired. Exploiting this vulnerability could allow a malicious actor to cause service failures...

Rocky Linux Updates in ASCG 3.3.0

Multiple Rocky Linux updates applied to Brocade ASCG 3.3.0 RockyLinux 8:bzip2 RLSA-2025:0733 bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. CVE-2019-12900 RockyLinux 8:pam RLSA-2024:10379 pam: libpam: Libpam vulnerable to read hashed password CVE-2024-10041...

libxml: Type confusion leads to Denial of service (DoS)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

The vulnerability of the xmlBuildQName function in the Libxml2 library allows a attacker to cause a service failure.

The vulnerability of the xmlBuildQName function in the Libxml2 library is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...

UBUNTU-CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

CVE-2025-49794 Libxml: heap use after free (uaf) leads to denial of service (dos)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

SUSE CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

XML External Entity (XXE) Injection

Overview phpoffice/math is a Math - Manipulate Math Formula Affected versions of this package are vulnerable to XML External Entity XXE Injection via the libxml extension and the LIBXMLDTDLOAD flag. An attacker can extract sensitive data or cause a denial of service by sending specially crafted X...

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

ALSA-2025:7418 Important: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...

CVE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

libxml streams use wrong content-type header when requesting a redirected resource

...

Security update for php8

This update for php8 fixes the following issues: CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers bsc1239664 CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 CVE-2025-1219: Fixed libxml streams using wrong...

PHP 8.1.x < 8.1.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.3.x < 8.3.19 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.4.x < 8.4.5 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.2.x < 8.2.28 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...