6887 matches found

Rosalinux
added 2025/02/24 12:28 p.m. | 13 views

Advisory ROSA-SA-2025-2710

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1 CVE-ID: CVE-2021-3518 BDU-ID: 2021-05283 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xinclude.c component of the Libxml2 library is related to memory usage after it has been freed. Exploitation of th...

CVSS 8.8 | AI score 7.4 | EPSS 0.0025
Exploits 0
Veracode
added 2025/02/24 12:2 p.m. | 4 views

Stack-based Buffer Overflow

libxml2 and nokogiri are vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper input validation due to a flaw in xmlSnprintfElements in valid.c, which can be exploited when DTD validation occurs for an untrusted document or untrusted DTD...

CVSS 7.8 | AI score 7 | EPSS 0.00235
Exploits 0 | References 7 | Affected Software 4
Tenable Nessus
added 2025/02/24 12:0 a.m. | 7 views

Siemens SCALANCE W700 NULL Pointer Dereference (CVE-2023-28484)

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 6.5 | AI score 6.7 | EPSS 0.00403
Exploits 1 | References 11
Tenable Nessus
added 2025/02/24 12:0 a.m. | 6 views

Siemens SCALANCE W700 Double Free (CVE-2023-29469)

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVSS 6.5 | AI score 7.1 | EPSS 0.0022
Exploits 0 | References 11
OpenVAS
added 2025/02/24 12:0 a.m. | 15 views

Debian: Security Advisory (DLA-4064-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.3 | EPSS 0.00235
Exploits 5 | References 2
Tenable Nessus
added 2025/02/24 12:0 a.m. | 10 views

Siemens SCALANCE W700 Double Free (CVE-2022-40304)

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. This plugin only works with Tenable.ot. Please visit...

CVSS 7.8 | AI score 6.7 | EPSS 0.00219
Exploits 0 | References 13
Debian
added 2025/02/22 11:19 a.m. | 19 views

[SECURITY] [DLA 4064-1] libxml2 security update

Debian LTS Advisory DLA-4064-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost February 22, 2025 https://wiki.debian.org/LTS Package : libxml2 Version : 2.9.10+dfsg-6.7+deb11u6 CVE ID : CVE-2022-49043 CVE-2023-39615 CVE-2023-45322 CVE-2024-25062 CVE-2024-56171...

CVSS 9.8 | AI score 6.9 | EPSS 0.0266
Exploits 7
Tenable Nessus
added 2025/02/22 12:0 a.m. | 7 views

Debian dla-4064 : libxml2 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4064 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4064-1 [email protected]...

CVSS 9.8 | AI score 6.9 | EPSS 0.0266
Exploits 7 | References 18
OSV
added 2025/02/22 12:0 a.m. | 14 views

DLA-4064-1 libxml2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 6.8 | EPSS 0.00235
Exploits 5
Amazon
added 2025/02/21 12:0 a.m. | 3 views

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Issue Correction: Run dnf update libxml2 --releasever 2023.6.20250218 or dnf update --advisory ALAS2023-2025-862 --releasever 2023.6.20250218 to update your...

CVSS 8.1 | AI score 8 | EPSS 0.00222
Exploits 0
Amazon
added 2025/02/21 12:0 a.m. | 4 views

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Issue Correction: Run dnf update libxml2 --releasever 2023.6.20250218 to update your system. New Packages: aarch64: ...

CVSS 8.1 | AI score 6.9 | EPSS 0.00222
Exploits 0
OSV
added 2025/02/21 12:0 a.m. | 7 views

OPENSUSE-SU-2025:14830-1 libxml2-2-2.13.6-1.1 on GA media

These are all security issues fixed in the libxml2-2-2.13.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 7.9 | EPSS 0.00235
Exploits 1 | References 3
SUSE CVE
added 2025/02/20 2:32 p.m. | 1 views

SUSE CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

CVSS 7 | AI score 7 | EPSS 0.00183
Exploits 0 | References 12
SUSE CVE
added 2025/02/20 2:30 p.m. | 1 views

SUSE CVE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...

CVSS 6.6 | AI score 7.8 | EPSS 0.00235
Exploits 0 | References 13
SUSE CVE
added 2025/02/20 2:30 p.m. | 1 views

SUSE CVE-2025-27113

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...

CVSS 4 | AI score 7.5 | EPSS 0.00094
Exploits 1 | References 9
OpenVAS
added 2025/02/20 12:0 a.m. | 8 views

Slackware: Security Advisory (SSA:2025-050-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.2 | EPSS 0.00235
Exploits 0 | References 4
OSV
added 2025/02/19 10:17 p.m. | 12 views

GHSA-5MWF-688X-MR7X Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 -...

AI score 8
Exploits 0 | References 3
Github Security Blog
added 2025/02/19 10:17 p.m. | 19 views

Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 -...

CVSS 9.8 | AI score 7.7 | EPSS 0.00235
Exploits 0 | References 3 | Affected Software 1
Slackware Linux
added 2025/02/19 9:29 p.m. | 8 views

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: Fix stack-buffer-overflow in xmlSnprintfElements. Fix...

CVSS 7.8 | AI score 7.8 | EPSS 0.00235
Exploits 0
RedhatCVE
added 2025/02/19 9:52 a.m. | 14 views

CVE-2025-24928

A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD...

CVSS 7.8 | AI score 7.7 | EPSS 0.00235
Exploits 0 | References 5