12 matches found
GHSA-66FF-XGX4-VCHM protobuf.js: Code injection through bytes field defaults in generated toObject code
Summary: protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generat...
PT-2026-38030
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...
libxml2 security vulnerability
Libxml2 is an open-source library from GNOME that is used for parsing XML documents. It is written in C and can be called from various languages, such as C, C++, and XSH. Libxml2 has a security vulnerability that arises from type confusion errors when processing specially crafted XML Schem...
CLSA-2025-1761261543 Fix CVE(s): CVE-2024-56171
SECURITY UPDATE: use-after-free vulnerability in XML schema processing - debian/patches/CVE-2024-56171.patch: Fix use-after-free after xmlSchemaItemListAdd in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables - CVE-2024-56171...
EUVD-2025-4769
Malicious code in bioql PyPI...
K000152932: libxml2 vulnerability CVE-2024-56171
Security Advisory Description: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or ...
The vulnerability of the parquet-avro module in the Apache Parquet Java library, which allows a hacker to execute arbitrary code.
The vulnerability of the parquet-avro module in the Apache Parquet Java library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code during the processing of Avro schemas...
Heap-based Buffer Under-read
libxml2.so is vulnerable to a heap-based buffer under-read. The vulnerability is due to improper handling of identity constraints in XML schema processing, specifically in the xmlSchemaIDCFillNodeTables function in xmlschemas.c, which allows a heap-based buffer under-read when certain identity...
CLSA-2025-1741286348 Fix of 5 CVEs
SECURITY UPDATE: buffer over-read in xmlHTMLPrintFileContext - debian/patches/CVE-2024-34459.patch: Fix buffer overread with xmllint --htmlout by adding a missing bounds check - CVE-2024-34459 SECURITY UPDATE: use-after-free vulnerability in xinclude.c - debian/patches/CVE-2022-49043.patch: Fix...
CLSA-2025-1741286239 Fix of 5 CVEs
SECURITY UPDATE: buffer over-read in xmlHTMLPrintFileContext - debian/patches/CVE-2024-34459.patch: Fix buffer overread with xmllint --htmlout by adding a missing bounds check - CVE-2024-34459 SECURITY UPDATE: use-after-free vulnerability in xinclude.c - debian/patches/CVE-2022-49043.patch: Fix...
AZL-56925 CVE-2024-56171 affecting package libxml2 for versions less than 2.10.4-6
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...
AZL-57010 CVE-2024-56171 affecting package libxml2 for versions less than 2.11.5-4
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...