6885 matches found
CVE-2025-26434
In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26434
CVE-2025-26434 involves libxml2 with a vulnerability described as an out-of-bounds read caused by a buffer overflow. The impact is local information disclosure without requiring privileges or user interaction, as stated in the public descriptions. Connected documents corroborate the root cause as...
Linux Distros Unpatched Vulnerability : CVE-2025-9714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update
Red Hat OpenShift Container Platform release 4.18.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
libxml2 xmlcatalog xmlParseSGMLCatalog recursion
...
Important: libxml2
Issue Overview: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the...
Amazon Linux 2 : libxml2, --advisory ALAS2-2025-2977 (ALAS-2025-2977)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2977 advisory. A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management...
UBUNTU-CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
SUSE CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
ROOT-OS-DEBIAN-11-CVE-2025-7425 CVE-2025-7425 in rootio-libxml2 - Patched by Root
Root has patched CVE-2025-7425 in the rootio-libxml2 package for Root:Debian:11. Multiple fixed versions available...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1894)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to the libxml2 package (CVE-2025-27113, CVE-2025-32414, CVE-2025-32415)
Summary libxml2 is used by DataStage on Cloud Pak for Data as part of XML processing. Vulnerability Details CVEID:CVE-2025-27113 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. CWE:CWE-476: NULL Pointer Dereference CVSS...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a use-after-free vulnerability due to the libxml2 package (CVE-2025-49794)
Summary libxml2 is used by DataStage on Cloud Pak for Data as part of XML processing. Vulnerability Details CVEID:CVE-2025-49794 DESCRIPTION: A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has...
Linux Distros Unpatched Vulnerability : CVE-2025-27113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. CVE-2025-27113 Note that Nessus relies on the presen...
[SECURITY] [DSA 5990-1] libxml2 security update
Debian Security Advisory DSA-5990-1 https://www.debian.org/security/ Aron Xu August 29, 2025 https://www.debian.org/security/faq ...
DSA-5990-1 libxml2 - security update
Bulletin has no description...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.38 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-6021: Integer Overflow in xmlBuildQName Leads to Stack Buffer Overflow in libxml2 bsc1244580 CVE-2025-6170: stack buffer overflow may lead to a crash bsc1244700 CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in...
SUSE-SU-2025:20607-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-6021: Integer Overflow in xmlBuildQName Leads to Stack Buffer Overflow in libxml2 bsc1244580 - CVE-2025-6170: stack buffer overflow may lead to a crash bsc1244700 - CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype...