Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...

Astra Linux – Vulnerability in libxml2

The GNOME project’s libxml2 v2.9.10 has a global buffer over-read vulnerability in the xmlEncodeEntitiesInternal function within libxml2/entities.c. This issue has been fixed in the commit numbered 50f06b3e...

Astra Linux – Vulnerability in Colorod

There are two information disclosure vulnerabilities in colord, and they reside in colord/src/cd-device-db.c and colord/src/cd-profile-db.c, respectively. These vulnerabilities exist because the 'errmsg' of 'sqlite3exec' does not get released after use, whereas libxml2 requires that the caller mu...

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...

Astra Linux – Vulnerability in libxml2

In libxml2 versions prior to 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer do not check for integer overflows. This can lead to out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software that uses libxml2...

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before version 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logical errors. In one case, a double-free can occur...

MiracleLinux 8 : libxml2-2.9.7-21.el8_10.4 (AXSA:2026-525:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-525:01 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description bloc...

libxml2: Fix of 2 CVEs

CVE-2018-14404: fix NULL pointer dereference in xmlXPathCompOpEval when AND/OR operator operates on an empty XPath stack - CVE-2019-19956: fix memory leak in xmlParseBalancedChunkMemoryRecover when parsing NULL doc...

CLSA-2026-1777464764 libxml2: Fix of 2 CVEs

CVE-2018-14404: fix NULL pointer dereference in xmlXPathCompOpEval when AND/OR operator operates on an empty XPath stack - CVE-2019-19956: fix memory leak in xmlParseBalancedChunkMemoryRecover when parsing NULL doc...

ROOT-OS-DEBIAN-12-CVE-2026-6732 CVE-2026-6732 in rootio-libxml2 - Patched by Root

Root has patched CVE-2026-6732 in the rootio-libxml2 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-0990 CVE-2026-0990 in rootio-libxml2 - Patched by Root

Root has patched CVE-2026-0990 in the rootio-libxml2 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-1757 CVE-2026-1757 in rootio-libxml2 - Patched by Root

Root has patched CVE-2026-1757 in the rootio-libxml2 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-0992 CVE-2026-0992 in rootio-libxml2 - Patched by Root

Root has patched CVE-2026-0992 in the rootio-libxml2 package for Root:Debian:12. Multiple fixed versions available...

RHSA-2026:11349 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...

RLSA-2026:11349 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libxml2: libxml2-16-2.15.3-0.1.hum1 aarch64, x8664 libxml2-2.15.3-0.1.hum1 aarch64, x8664 libxml2-devel-2.15.3-0.1.hum1 aarch64, x8664 libxml2-static-2.15.3-0.1.hum1 aarch64, x8664...

RockyLinux 8 : libxml2 (RLSA-2026:11349)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11349 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description block...

Oracle Linux 8 : libxml2 (ELSA-2026-11349)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...

AlmaLinux 8 : libxml2 (ALSA-2026:11349)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:11349 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description block...