SUSE: Security Advisory (SUSE-SU-2025:0748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2011-1944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause ...

CentOS 9 : libxml2-2.9.13-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libxml2-2.9.13-9.el9 build changelog. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD...

Advisory ROSA-SA-2025-2751

Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlsax2startelement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...

Advisory ROSA-SA-2025-2726

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1.rv30.2 CVE-ID: CVE-2022-49043 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Use-after-free vulnerability in libxml2. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerability, run the comman...

SUSE SLED15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-devel-32bit / etc (SUSE-SU-2025:0746-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0746-1 advisory. - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables ...

SUSE SLES12: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-doc / etc (SUSE-SU-2025:0747-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0747-1 advisory. - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. - CVE-2025-24928:...

SUSE SLES15 Security Update : libxml2 (SUSE-SU-2025:0748-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0748-1 advisory. - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. -...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

SUSE-SU-2025:0748-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. - CVE-2025-27113: NULL pointe...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

SUSE-SU-2025:0747-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. - CVE-2025-27113: NULL pointe...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

SUSE-SU-2025:0746-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. - CVE-2025-27113: NULL pointe...

OESA-2025-1225 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

...

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

...

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-27113)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27113 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-24928)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in...