SUSE CVE-2021-3516
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability...
SUSE CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
SUSE CVE-2021-3518
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...
SUSE CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
SUSE CVE-2021-3541
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
SUSE CVE-2021-3596
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault...
SUSE CVE-2021-42523
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'errmsg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it...
SUSE CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...
SUSE CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...
SUSE CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...
PT-2023-35922 · Libxml2 · Libxml2
Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash indicate it occurs in the xmlParseTryOrFinish and xmlParseChunk functions within the xml.c file...
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt6.p9.1
1:2.9.10-alt6.p9.1 built Feb. 13, 2023 Andrey Cherepanov in task 314487 Feb. 1, 2023 Andrey Cherepanov - Applied security fixes from upstream Fixes: CVE-2022-40303, CVE-2022-40304...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1393)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1365)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2023-1365)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, sever...
EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2023-1393)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, sever...
K32760744: libxml2 vulnerability CVE-2022-23308
Security Advisory Description: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308. Impact: The security impact of xmlGetID returning a pointer to freed memory depends on the application and mostly results in denial-of-service (DoS). The typical use case of...
AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)
IBM SECURITY ADVISORY. First Issued: Wed Feb 8 13:18:47 CST 2023. Updated: Thu May 4 13:36:14 CDT 2023. Update: Corrected the affected upper fileset levels for AIX 7.2 TL5 to show that SP06 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL1 to show that SP02 is affected...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation as part of the Watson NLP functionality (CVE-2015-20107). GNOME libxml2 is used by IBM Robotic Process Automation as part of container base images,...
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1.p10.1
1:2.9.12-alt1.p10.1 built Feb. 2, 2023 Alexander Danilov in task 314068 Jan. 24, 2023 Alexander Danilov - Applied security fixes from upstream Fixes: CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304...