JLSEC-2025-67 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...
JLSEC-2025-78 An issue was discovered in libxml2 before 2.10.3
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...
JLSEC-2025-89 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Pyth...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
JLSEC-2025-81 Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement(...
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...
JLSEC-2025-73 A flaw was found in libxml2
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
JLSEC-2025-90 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a ...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...
JLSEC-2025-84 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...
JLSEC-2025-87 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElem...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...
JLSEC-2025-69 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesIntern...
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...
JLSEC-2025-85 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free...
Advisory ROSA-SA-2025-3031
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-10 affected versions libxml2-2.9.14-10 CVE-ID: CVE-2025-9714 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: uncontrolled recursion in evalXPath of libxml2 library before 2.9.14, allowing a local attacker to cau...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-2203)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-2235)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2025-2203)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1)
The version of AHV installed on the remote host is prior to AHV-10.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103072)
The version of AHV installed on the remote host is prior to 20230302.103072. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103072 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could...
CLSA-2025-1760017744 Fix CVE(s): CVE-2025-6491
SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491...
CLSA-2025-1760017411 Fix CVE(s): CVE-2025-6491
SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491...
AlmaLinux 10 : libxml2 (ALSA-2025:10630)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10630 advisory. libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794); libxml: Null pointer dereference leads to Denial of service (DoS)...