Use-after-free in xmlValidatePopElement() using XMLReader API (CVE-2024-25062)

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CLSA-2025-1741291888 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

CLSA-2025-1741286016 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

Security Bulletin: libxml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-25062)

Summary The libxml2 used by Identity Insight has a vulnerability in its XMLReader API call. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Linux Distros Unpatched Vulnerability : CVE-2024-56171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit...

Critical Photon OS Security Update - PHSA-2025-4.0-0765

Updates of 'rubygem-activesupport', 'libxml2', 'gettext' packages of Photon OS have been released...

CLSA-2025-1741215702 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...

Linux Distros Unpatched Vulnerability : CVE-2022-29824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in...

Linux Distros Unpatched Vulnerability : CVE-2022-2309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10...

Linux Distros Unpatched Vulnerability : CVE-2020-24977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit...

Linux Distros Unpatched Vulnerability : CVE-2021-3541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service...

Linux Distros Unpatched Vulnerability : CVE-2016-1833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow...

Linux Distros Unpatched Vulnerability : CVE-2012-0841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to...

Linux Distros Unpatched Vulnerability : CVE-2016-1835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remot...

Linux Distros Unpatched Vulnerability : CVE-2016-1834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and...

Linux Distros Unpatched Vulnerability : CVE-2016-4447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service heap-based buffer underread...

Linux Distros Unpatched Vulnerability : CVE-2016-1839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allo...

Linux Distros Unpatched Vulnerability : CVE-2016-1836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before...