CLSA-2026-1779225366 libxml2: Fix of CVE-2022-2309

CVE-2022-2309: reset nsNr in xmlCtxtReset and htmlCtxtReset to prevent NULL pointer dereference / DoS triggered via crafted XML or HTML input reused across parser context resets...

CLSA-2026-1779215759 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...

Alibaba Cloud Linux 3 : 0104: libxml2 (ALINUX3-SA-2026:0104)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0104 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9714: Uncontrolled recursion inXPath...

RHSA-2026:15967 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CLSA-2026-1778491896 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017425)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017425 advisory. A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. Tenable...

RHEL 8 : libxml2 (RHSA-2026:15967)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15967 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017421)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017421 advisory. There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could...

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017422)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017422 advisory. A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an...

RHSA-2026:14858 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

RHSA-2026:14832 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

BIT-JRE-2025-7425 Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

BIT-JRE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

BIT-JRE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

BIT-JRE-2025-27113

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...

BIT-JRE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

PT-2026-38850

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...