
6927 matches found

CNNVD
added 2024/02/04 12:0 a.m., 3 views

libxml2 Security Vulnerabilities

libxml2 is an open source library used to parse XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 prior to version 2.11.7 and version 2.12.x prior to version 2.12.5, which stems from the fact that when using the...

CVSS 7.5, AI score 7, EPSS 0.01375
Exploits: 3, References: 7

Positive Technologies
added 2024/02/04 12:0 a.m., 3 views

PT-2024-1711

Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.11.7 and earlier; libxml2 versions 2.12.x through 2.12.4. Description: A use-after-free flaw was found in the xmlValidatePopElement function of the libxml2 library when using the XML Reader interface with DTD validation and...

CVSS 7.8, AI score 6.4, EPSS 0.01375
Exploits: 3, References: 103

Vulnrichment
added 2024/02/04 12:0 a.m., 4 views

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

AI score 7.7, EPSS 0.01375
Exploits: 3, References: 2

CVE
added 2024/02/04 12:0 a.m., 1189 views

CVE-2024-25062

CVE-2024-25062: Affects libxml2 prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader with DTD validation and XInclude expansion, crafted XML can trigger an xmlValidatePopElement use-after-free, as described in multiple connected sources. Impact is described as an availability co...

CVSS 7.5, AI score 7.4, EPSS 0.01375
Exploits: 3, References: 4, Affected Software: 1

Tenable Nessus
added 2024/02/04 12:0 a.m., 29 views

Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2024-035-01)

The version of libxml2 installed on the remote host is prior to 2.11.7 / 2.12.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-035-01 advisory. - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...

CVSS 7.5, AI score 6.7, EPSS 0.01375
Exploits: 3, References: 2

RubySec
added 2024/02/03 9:0 p.m., 38 views

Improper Handling of Unexpected Data Type in Nokogiri

Summary: Nokogiri v1.16.2 upgrades the version of its dependency libxml2 to v2.12.5. libxml2 v2.12.5 addresses the following vulnerability: CVE-2024-25062 / https://vulners.com/cve/CVE-2024-25062 described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 patched by...

AI score 6.6, EPSS 0.01375
Exploits: 3, References: 1, Affected Software: 1

OSV
added 2024/01/31 11:22 a.m., 4 views

CLSA-2024-1706700142 php: Fix of 8 CVEs

CVE-2021-21702: Fix null pointer crash because of malformed SOAP server response - CVE-2021-21703: Fix error in php fpm shared memory organization leading to privilege escalation - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE - CVE-2022-31626: Fix buffer overflow in mysqlnd...

CVSS 9.8, AI score 7.2, EPSS 0.5838
Exploits: 9, References: 1

Tenable Nessus
added 2024/01/26 12:0 a.m., 17 views

RHEL 8 : libxml2 (RHSA-2023:7544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7544 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...

CVSS 6.5, AI score 7, EPSS 0.00667
Exploits: 1, References: 5

RedHat Linux
added 2024/01/25 8:35 a.m., 56 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8, AI score 7, EPSS 0.22791
Exploits: 4, References: 6

RedHat Linux
added 2024/01/25 8:35 a.m., 3 views

libxml2: crafted xml can cause global buffer overflow

A flaw was found in libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file...

CVSS 6.5, AI score 7.3, EPSS 0.00667
Exploits: 1, References: 5

RedHat Linux
added 2024/01/25 8:35 a.m., 3 views

libxml2: NULL dereference in xmlSchemaFixupComplexType

A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing invalid XML schemas...

CVSS 6.5, AI score 7.3, EPSS 0.01086
Exploits: 1, References: 4

RedHat Linux
added 2024/01/25 8:35 a.m., 5 views

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing an XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

CVSS 7.5, AI score 6.8, EPSS 0.22791
Exploits: 2, References: 4

RedHat Linux
added 2024/01/25 8:35 a.m., 3 views

libxml2: dict corruption caused by entity reference cycles

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...

CVSS 7.8, AI score 6.6, EPSS 0.06782
Exploits: 0, References: 4

Tenable Nessus
added 2024/01/25 12:0 a.m., 38 views

RHEL 8 : libxml2 (RHSA-2024:0413)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0413 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflo...

CVSS 7.8, AI score 7.5, EPSS 0.22791
Exploits: 4, References: 13

BDU FSTEC
added 2024/01/25 12:0 a.m., 6 views

The vulnerability of the libxml2 library in operating systems macOS, iOS, and iPadOS allows attackers to trigger a service failure.

The vulnerability of the libxml2 library in operating systems such as macOS, iOS, and iPadOS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 7.8, AI score 7.3, EPSS 0.00516
Exploits: 0, References: 3, Affected Software: 3

Veracode
added 2024/01/19 9:16 a.m., 33 views

Heap Buffer Overflow

libxml2 is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper bound checking. This issue can be exploited by an attacker via parsing a malicious file to execute arbitrary code within the context of an unprivileged process...

CVSS 7.8, AI score 7.4, EPSS 0.02142
Exploits: 0, References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 17 views

EulerOS Virtualization 3.0.6.6 : libxml2 (EulerOS-SA-2023-3404)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...

CVSS 6.5, AI score 7.2, EPSS 0.01086
Exploits: 1, References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m., 31 views

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-2696)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occur...

CVSS 6.5, AI score 7.2, EPSS 0.01086
Exploits: 1, References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m., 26 views

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-3250)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c...

CVSS 6.5, AI score 6.8, EPSS 0.00826
Exploits: 0, References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 12 views

EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2023-3343)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c...

CVSS 6.5, AI score 6.8, EPSS 0.00826
Exploits: 0, References: 2