RHEL 8 : libxml2 (RHSA-2024:3299)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3299 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

libxml2: use-after-free in XMLReader

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

...

F5 Networks BIG-IP : libxml2 vulnerability (K000139641)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139641 advisory. In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequent...

K000139641: libxml2 vulnerability CVE-2023-28484

Security Advisory Description In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. CVE-2023-28484 Impact This vulnerability allows a remote, authenticated...

SUSE CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

GHSA-R3W4-36X6-7R99 Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r95h-9x8f-r3f7. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses...

Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r95h-9x8f-r3f7. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses...

K000139594: libxml2 vulnerability CVE-2022-40304

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. CVE-2022-40304. Impact This vulnerability allows a remot...

AZL-42019 CVE-2024-34459 affecting package libxml2 for versions less than 2.10.4-3

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

DEBIAN-CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

ALPINE-CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

AZL-42027 CVE-2024-34459 affecting package libxml2 for versions less than 2.11.5-3

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

UBUNTU-CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

CVE-2024-34459

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

F5 Networks BIG-IP : libxml2 vulnerability (K000139592)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139592 advisory. An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document,...

F5 Networks BIG-IP : libxml2 vulnerability (K000139594)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.2.2 / 17.5.0. It is, therefore, affected by a vulnerability as referenced in the K000139594 advisory. An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table...