libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

Important: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

libxml: Type confusion leads to Denial of service (DoS)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

libxml: Heap use after free (UAF) leads to Denial of service (DoS)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

RHEL 9 : libxml2 (RHSA-2025:11580)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11580 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.7)

The version of AOS installed on the remote host is prior to 6.10.1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.7 advisory. - Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or maliciou...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.9)

The version of AOS installed on the remote host is prior to 6.8.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.9 advisory. - Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...

Nokogiri patches vendored libxml2 to resolve multiple CVEs

Summary Nokogiri v1.18.9 patches the vendored libxml2 to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. Impact and severity CVE-2025-6021 A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead t...

GHSA-353F-X4GH-CQQ8 Nokogiri patches vendored libxml2 to resolve multiple CVEs

Summary Nokogiri v1.18.9 patches the vendored libxml2 to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. Impact and severity CVE-2025-6021 A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead t...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1831)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1830)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2025-1830)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit thi...

EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2025-1831)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit thi...

libxml2-2-2.13.8-3.1 on GA media (moderate)

libxml2-2-2.13.8-3.1 on GA media Announcement ID: openSUSE-SU-2025:15363-1 Rating: moderate Cross-References: CVE-2025-7425 CVSS scores: CVE-2025-7425 SUSE : 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H CVE-2025-7425 SUSE : 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H...

OPENSUSE-SU-2025:15363-1 libxml2-2-2.13.8-3.1 on GA media

These are all security issues fixed in the libxml2-2-2.13.8-3.1 package on the GA media of openSUSE Tumbleweed...

Photon OS 4.0: Libxml2 PHSA-2025-4.0-0834

An update of the libxml2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0834. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Libxml2 PHSA-2025-5.0-0562

An update of the libxml2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0562. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

OESA-2025-1867 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

Critical Photon OS Security Update - PHSA-2025-4.0-0834

Updates of 'libxml2', 'linux', 'kafka' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2025-5.0-0562

Updates of 'libxml2' packages of Photon OS have been released...