Vulnerabilities in libxml2 (CVE-2026-0989 CVE-2026-0990 CVE-2026-0992) affect AIX

IBM SECURITY ADVISORY First Issued: Thu May 28 14:13:09 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory11.asc Security Bulletin: Vulnerabilities in libxml2 CVE-2026-0989, CVE-2026-0990, CVE-2026-0992,...

Astra Linux - уязвимость в libxml2

A flaw was discovered in libxml2. Exponential entity expansion could potentially bypass all existing protection mechanisms, leading to a denial of service...

Oracle Linux 9 : libxml2 (ELSA-2025-13428)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-13428 advisory. - Fix CVE-2025-32415 RHEL-100182 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

DEBIAN-CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

PT-2018-2348

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.9 Description The issue is related to a NULL pointer dereference vulnerability in the xpath.c:xmlXPathCompOpEval function of libxml2. This vulnerability can be exploited by a remote attacker, allowing them to caus...

DEBIAN-CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

libxml2: Heap-based buffer overflow in xmlParseXmlDecl

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

DEBIAN-CVE-2015-8806

dict.c in libxml2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...

libxml2 Denial of Service Vulnerability (CNVD-2015-08376)

Libxml2 is the GNOME project team developed a C-based language used to parse XML documents library , which supports a variety of encoding formats , Xpath parsing , Well-formed and valid validation and so on. A security vulnerability exists in the 'xmlSAX2TextNode' function in the SAX2.c file of t...