6748 matches found
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer do not check for integer overflows. This can lead to out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software that uses libxml2’s...
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before version 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logical errors. In one case, a double-free can occur...
Astra Linux - уязвимость в libxml2
It was discovered that Xmlsoft Libxml2 v2.11.0 contains an out-of-bounds read vulnerability through the xmlSAX2StartElement function located at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS by providing a crafted XML file. NOTE: the vendor’s position is tha...
Astra Linux - уязвимость в libxml2
The vulnerability of the xmlMemStrdup function in the Libxml2 library is related to pointer manipulation errors. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в libxml2
A flaw was discovered in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function, where an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by...
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings due to an incorrect return value. This issue occurs in the xmlPythonFileRead and xmlPythonFileReadRaw functions, caused by a discrepancy between bytes and characters...
Astra Linux - уязвимость в libxml2
The parser.c file in libxml2 before version 2.9.5 does not prevent infinite recursion in parameter entities...
Astra Linux - уязвимость в libxml2
A use-after-free vulnerability was discovered in libxml2. This issue occurs when parsing XPath elements under certain circumstances, especially when the XML schema includes the schema element. This flaw allows a malicious actor to create a malicious XML document that can be used as input for...
Astra Linux - уязвимость в libxml2
The xmlXIncludeAddNode function in xinclude.c within libxml2, prior to version 2.11.0, has a use-after-free issue...
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.12.10 and 2.13.x, before 2.13.6, there is a NULL pointer dereferencing in the xmlPatMatch function in pattern.c...
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.13.8 and 2.14.x before 2.14.2, there is a issue where xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this vulnerability, a crafted XML document must be validated against an XML schema with certain identity constraints, or a...
Astra Linux - уязвимость в colord
There are two information disclosure vulnerabilities in colord, and they reside in colord/src/cd-device-db.c and colord/src/cd-profile-db.c, respectively. These vulnerabilities exist because the 'errmsg' of 'sqlite3exec' does not get released after use, whereas libxml2 requires that the caller mu...
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...
Astra Linux - уязвимость в libxml2
The GNOME project’s libxml2 v2.9.10 has a global buffer over-read vulnerability in the xmlEncodeEntitiesInternal function within libxml2/entities.c. This issue has been fixed in the commit numbered 50f06b3e...
CLSA-2026-1779225366 libxml2: Fix of CVE-2022-2309
CVE-2022-2309: reset nsNr in xmlCtxtReset and htmlCtxtReset to prevent NULL pointer dereference / DoS triggered via crafted XML or HTML input reused across parser context resets...
CLSA-2026-1779215759 libxml2: Fix of CVE-2022-49043
CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...
Alibaba Cloud Linux 3 : 0104: libxml2 (ALINUX3-SA-2026:0104)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0104 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9714: Uncontrolled recursion inXPath...
RHSA-2026:15967 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...