Lucene search
K

46 matches found

CVE
CVE
added 2024/02/04 12:0 a.m.1192 views

CVE-2024-25062

CVE-2024-25062 : Affects libxml2 prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader with DTD validation and XInclude expansion, crafted XML can trigger an xmlValidatePopElement use-after-free, as described in multiple connected sources. Impact is described as an availability co...

7.5CVSS7.4AI score0.01375EPSS
CVE
CVE
added 2024/05/13 12:0 a.m.1145 views

CVE-2024-34459

The CVE-2024-34459 issue affects libxml2’s xmllint when using --htmlout, where a formatting error in error messages can trigger a buffer over-read in xmlHTMLPrintFileContext. The vulnerability concerns xmllint and the libxml2 parser before versions 2.11.8 and 2.12.x before 2.12.7. A PoC exists pe...

7.5CVSS6.5AI score0.02298EPSS
CVE
CVE
added 2021/05/14 7:50 p.m.616 views

CVE-2021-3537

Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...

5.9CVSS7AI score0.03503EPSS
In wild
CVE
CVE
added 2021/05/19 1:45 p.m.608 views

CVE-2021-3517

CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...

8.6CVSS8.4AI score0.0828EPSS
CVE
CVE
added 2021/07/09 4:2 p.m.496 views

CVE-2021-3541

CVE-2021-3541 describes a vulnerability in libxml2 where exponential entity expansion can bypass protections and cause a denial of service. The Initial Description confirms the flaw and its DoS impact, and connected documents (e.g., Astra Linux bulletin and BSNSA entries) reiterate libxml2 involv...

6.5CVSS7AI score0.01861EPSS
CVE
CVE
added 2019/12/24 3:12 p.m.477 views

CVE-2019-19956

Summary (CVE-2019-19956) libxml2 before 2.9.10 contains a memory leak in xmlParseBalancedChunkMemoryRecover (parser.c) related to newDoc->oldNs. This can lead to memory not being freed (partial impact noted) and, per mapped references, contributes to DoS scenarios. The CVSS data across sources...

7.5CVSS7.5AI score0.05515EPSS
CVE
CVE
added 2022/02/26 12:0 a.m.473 views

CVE-2022-23308

CVE-2022-23308 affects libxml2 before 2.9.13, caused by a use-after-free in ID/IDREF attributes in valid.c. The NVD data shows a CVSS 3.1 base score of 7.5 (NETWORK, PR:N, UI:N, S:U, C:N/I:N/A:H) and CVSS 2.0 base score of 4.3 (NETWORK, A:P). Connected advisories confirm the same flaw and referen...

7.5CVSS7.7AI score0.0601EPSS
CVE
CVE
added 2021/05/18 11:20 a.m.442 views

CVE-2021-3518

CVE-2021-3518 details (libxml2): A use-after-free exists in libxml2 before v2.9.11 when processing crafted input files through an application linked with libxml2. This can impact confidentiality, integrity, and availability. The issue is triggered by processing a specially crafted file via libxml...

8.8CVSS8.4AI score0.03653EPSS
CVE
CVE
added 2016/09/25 10:0 a.m.414 views

CVE-2016-4658

CVE-2016-4658 affects libxml2 up to version 2.9.4 (and is noted in Apple platforms such as iOS/OS X/watchOS as affected). The issue arises from allowing namespace nodes in XPointer ranges, which can enable a remote attacker to cause arbitrary code execution or a denial of service (use-after-free/...

10CVSS8AI score0.08628EPSS
CVE
CVE
added 2022/05/03 12:0 a.m.410 views

CVE-2022-29824

Summary: CVE-2022-29824 affects libxml2 up to version 2.9.14. Several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) fail to check integer overflows, causing out-of-bounds memory writes when processing crafted XML files. This vulnerability also affects software that uses lib...

6.5CVSS6.8AI score0.0363EPSS
CVE
CVE
added 2022/11/22 12:0 a.m.400 views

CVE-2022-40303

CVE-2022-40303 affects libxml2 prior to 2.10.3. When parsing multi‑gigabyte XML with XML_PARSE_HUGE enabled, integer counters can overflow and cause an access at a negative 2GB offset, typically leading to a segmentation fault. Public sources (including libxml2‑focused advisories and AWS ALAS/BSN...

7.5CVSS6.9AI score0.22791EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.364 views

CVE-2023-28484

CVE-2023-28484 affects libxml2 up to version 2.10.3, where parsing certain invalid XSD schemas can trigger a NULL pointer dereference in xmlSchemaFixupComplexType (xmlschemas.c), potentially causing a segfault. The issue is addressed by libxml2 2.10.4 (release notes linked in connected docs). Rem...

6.5CVSS6.7AI score0.01086EPSS
CVE
CVE
added 2022/11/23 12:0 a.m.350 views

CVE-2022-40304

CVE-2022-40304: libxml2 before 2.10.3 contains invalid XML entity definitions that can corrupt a hash table key, potentially triggering logic errors and, in at least one case, a double-free. Affected library is libxml2; CVSS v3.1 shows base score 7.8 (HIGH) with LOCAL access, high impact. Public ...

7.8CVSS6.9AI score0.06782EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.331 views

CVE-2024-56171

CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...

9.8CVSS7.2AI score0.0113EPSS
CVE
CVE
added 2018/02/07 11:0 p.m.315 views

CVE-2017-5130

CVE-2017-5130 describes an integer overflow in libxml2’s xmlmemory.c that could enable a remote attacker to cause heap corruption via a crafted XML file. The vulnerability affects libxml2 up to version before 2.9.5 and has been observed in products such as Google Chrome (prior to 62.0.3202.62) an...

8.8CVSS6.6AI score0.02765EPSS
CVE
CVE
added 2018/08/28 7:0 p.m.302 views

CVE-2017-15412

CVE-2017-15412 is a use-after-free in libxml2 (affected before 2.9.5) used by Chrome and other products, potentially enabling heap corruption via crafted HTML. Connected advisories also reference CVE-2018-14404 (NULL pointer dereference in xmlXPathCompOpEval) affecting libxml2 up to 2.9.8 during ...

8.8CVSS7AI score0.02963EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.297 views

CVE-2023-29469

libxml2 before 2.10.4 is affected by CVE-2023-29469 and CVE-2023-28484. The issue stems from hashing empty dict strings in crafted XML, leading to non-deterministic dict keys and memory errors such as double frees. Affected products include libxml2 implementations used in various stacks; upgrade ...

6.5CVSS6.6AI score0.01013EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.282 views

CVE-2025-24928

CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...

7.8CVSS7.5AI score0.00375EPSS
CVE
CVE
added 2025/01/26 12:0 a.m.262 views

CVE-2022-49043

Summary: CVE-2022-49043 affects libxml2 before 2.11.0, where xmlXIncludeAddNode in xinclude.c has a use-after-free vulnerability. The vulnerability is documented across multiple connected sources (Linux distributions and advisories) and is associated with a high impact due to potential memory cor...

8.1CVSS7AI score0.00257EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.234 views

CVE-2025-27113

Summary of CVE-2025-27113 context and public details : The vulnerability is in libxml2 (affected patterns CVE-2025-27113) with a NULL pointer dereference in xmlPatMatch (pattern.c). Public documentation indicates affected releases include libxml2 versions prior to 2.12.10 and 2.13.x prior to 2.13...

7.5CVSS7.2AI score0.01018EPSS
CVE
CVE
added 2025/04/08 12:0 a.m.225 views

CVE-2025-32414

CVE-2025-32414 concerns libxml2 prior to 2.13.8 and 2.14.x prior to 2.14.2, where the Python bindings can trigger an out-of-bounds memory access due to an incorrect return value in the Python API. Affected code paths include xmlPythonFileRead and xmlPythonFileReadRaw, caused by a mismatch between...

7.5CVSS7.1AI score0.0033EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.203 views

CVE-2017-7376

CVE-2017-7376 is described in the connected IBM bulletin as a buffer overflow in libxml2 that allows remote code execution by exploiting an incorrect limit for port values when handling redirects. The provided documents confirm the existence of this vulnerability and its impact on libxml2, but do...

10CVSS8.1AI score0.23694EPSS
CVE
CVE
added 2018/04/08 5:0 p.m.198 views

CVE-2017-18258

The CVE-2017-18258 entry affects libxml2: the xz_head function in xzlib.c (pre-2.9.6) allows remote attackers to cause a denial of service via crafted LZMA files by not restricting memory usage to a legitimate file. Impact is memory consumption/DoS; no exploit details are provided in the initial ...

6.5CVSS5.9AI score0.02706EPSS
CVE
CVE
added 2025/04/17 12:0 a.m.195 views

CVE-2025-32415

CVE-2025-32415 affects libxml2: vulnerable in versions prior to 2.13.8 and 2.14.x prior to 2.14.2. The root cause is a heap-based buffer under-read in xmlSchemaIDCFillNodeTables (xmlschemas.c) that can be triggered by validating a crafted XML against a specific identity-constrained XML schema or ...

7.5CVSS4.1AI score0.00527EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.184 views

CVE-2016-1839

CVE-2016-1839 involves libxml2 where the xmlDictAddString function in dict.c can cause a heap-based buffer over-read, leading to a denial of service. The issue affects libxml2 up to version 2.9.4 (as used in Apple iOS, macOS, tvOS, watchOS). A later linked entry (CVE-2017-9050) confirms this was ...

5.5CVSS6.4AI score0.07347EPSS
CVE
CVE
added 2017/04/11 4:0 p.m.169 views

CVE-2016-4483

CVE-2016-4483 is a libxml2 serialization bug: xmlBufAttrSerializeTxtContent can trigger an out-of-bounds read when a non-UTF-8 attribute value is serialized, leading to a denial of service. Connected records note related follow-ons: CVE-2016-9598 (and CVE-2016-9596) describe DoS/out-of-bounds sce...

7.5CVSS7.2AI score0.06165EPSS
CVE
CVE
added 2016/03/24 1:0 a.m.165 views

CVE-2016-1762

CVE-2016-1762 (and related libxml2 flaws) affects the GNOME libxml2 library where crafted XML input can cause denial of service or code execution. The primary cited issue is a heap-based buffer over-read in xmlNextChar prior to libxml2 2.9.4. Public advisories list multiple CVEs (e.g., 2016-1833/...

8.1CVSS7AI score0.06466EPSS
CVE
CVE
added 2008/09/02 2:0 p.m.163 views

CVE-2003-1564

CVE-2003-1564 involves the XML parser library (libxml2) and a failure to detect recursion during entity expansion. A crafted XML document with a large number of nested entity references can trigger a denial of service through excessive memory and CPU usage (the classic “billion laughs” scenario)....

9.3CVSS6.9AI score0.01619EPSS
CVE
CVE
added 2008/09/12 4:0 p.m.159 views

CVE-2008-3529

No additional technical details about CVE-2008-3529 are present in the provided documents. Public details appear in the Initial Description, but no connected documents confirm affected products/versions/root cause/fixes. Monitor for updates.

10CVSS7.3AI score0.23373EPSS
CVE
CVE
added 2025/06/12 12:49 p.m.159 views

CVE-2025-6021

Affects libxml2: multiple vendors report CVE-2025-6021 (integer overflow in xmlBuildQName causing stack-based buffer overflow). Documents show vulnerable libxml2 variants across distributions (e.g., AWS ALAS advisories for libxml2 with 2.9/2.10 lines; AIX advisory listing affected filesets; Astra...

7.5CVSS7.4AI score0.01067EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.151 views

CVE-2016-1834

CVE-2016-1834 describes a heap-based buffer overflow in libxml2's xmlStrncat function prior to 2.9.4, affecting Apple iOS/tvOS/watchOS and OS X before patched versions. Exploitation could lead to remote code execution or memory corruption and potential denial of service when processing crafted XM...

9.3CVSS8.6AI score0.04643EPSS
CVE
CVE
added 2016/04/11 9:0 p.m.148 views

CVE-2015-8710

CVE-2015-8710 affects libxml2: denial of service and possible information disclosure from an out-of-bounds memory access when parsing an unclosed HTML comment. Publicly reported in multiple vendor advisories (IBM IMM/IMM2, RackSwitch, F5 BIG-IP, Rational DOORS, etc.). Remediation across products ...

9.8CVSS9.7AI score0.04925EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.142 views

CVE-2016-1840

CVE-2016-1840: libxml2 contains a heap-based buffer overflow in xmlFAParsePosCharGroup (pre-2.9.4). Affected on Apple iOS (pre-9.3.2), OS X (pre-10.11.5), tvOS (pre-9.2.1), watchOS (pre-2.2.1); can lead to remote code execution or memory corruption. Remediation: upgrade libxml2 to 2.9.4 or later ...

7.8CVSS8.6AI score0.03239EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.139 views

CVE-2016-1833

CVE-2016-1833 is a libxml2 memory corruption issue where the htmlCurrentChar function can cause a heap-based buffer over-read during parsing of crafted XML. Public details in connected docs indicate affected platforms include Apple iOS, macOS, tvOS, watchOS and related libxml2 usage, with version...

5.5CVSS6.3AI score0.02559EPSS
CVE
CVE
added 2016/04/13 5:0 p.m.138 views

CVE-2015-8806

CVE-2015-8806 — libxml2 heap-buffer overread in dict.c . A remote attacker can crash an affected application by sending a crafted HTML document containing an unexpected character immediately after the "

7.5CVSS7.1AI score0.04964EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.137 views

CVE-2016-1836

CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...

5.5CVSS6.5AI score0.03926EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.137 views

CVE-2016-1837

CVE-2016-1837 is a use-after-free/memory corruption vulnerability in libxml2 affecting the htmlParsePubidLiteral and htmlParseSystemLiteral paths, leading to denial of service. Public references in the Initial document note a MEDIUM (CVSSv3 base 5.5) impact with LOCAL attack vector and user inter...

5.5CVSS6.6AI score0.04092EPSS
CVE
CVE
added 2010/11/16 11:0 p.m.117 views

CVE-2010-4008

CVE-2010-4008 affects libxml2 prior to 2.7.8 and is triggered by malformed XPath expressions, causing an application crash via invalid memory access. It is noted in advisories tied to libxml2 updates for platforms using the library (e.g., Chrome and Safari stacks). The connected records reference...

4.3CVSS5.6AI score0.03133EPSS
CVE
CVE
added 2016/02/12 3:26 p.m.113 views

CVE-2016-2073

CVE-2016-2073 affects libxml2: a vulnerability in htmlParseNameComplex() can cause a heap-based buffer overflow / out-of-bounds read, leading to potential denial of service or code execution when processing a crafted XML file. The connected IBM/IBM Guards pages confirm the issue and list affected...

6.5CVSS7.1AI score0.0231EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.88 views

CVE-2016-9598

CVE-2016-9598 affects libxml2 as used in Red Hat JBoss Core Services. The vulnerability is a denial-of-service due to an out-of-bounds read in libxml2 triggered by a specially crafted XML document, which can crash the application. Note that this issue exists because of a missing fix for CVE-2016-...

6.5CVSS7.1AI score0.01235EPSS
CVE
CVE
added 2025/08/08 4:32 p.m.82 views

CVE-2025-8732

CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...

4.8CVSS4AI score0.00143EPSS
CVE
CVE
added 2025/09/10 6:43 p.m.71 views

CVE-2025-9714

CVE-2025-9714 affects libxml2 up to and including 2.9.14. The vulnerability arises from uncontrolled recursion in XPath evaluation: xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset recursion depth to zero before recursion, enabling stack overflow via crafted expressions. Impact is...

6.2CVSS6.2AI score0.00144EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.70 views

CVE-2016-9596

CVE-2016-9596 is a libxml2-based denial-of-service issue observed in Red Hat JBoss Core Services, triggered by a crafted XML document while in recovery mode. The linked CNVD entry corroborates a DoS via a crafted XML document, noting a stack-related impact (stack corruption/DoS) and that it arise...

6.5CVSS7.2AI score0.01076EPSS
CVE
CVE
added 2026/01/15 2:20 p.m.61 views

CVE-2026-0990

Vulnerability: CVE-2026-0990 affects libxml2. An uncontrolled recursion bug in xmlCatalogXMLResolveURI is triggered when a delegate URI entry references itself, allowing a remote attacker to craft an XML catalog that causes infinite recursion and stack exhaustion, resulting in DoS via application...

5.9CVSS6.3AI score0.00755EPSS
CVE
CVE
added 2026/01/15 2:20 p.m.48 views

CVE-2026-0989

CVE-2026-0989 concerns a flaw in the RelaxNG parser in libxml2 where external schema inclusions can cause unbounded recursion, leading to stack exhaustion and denial-of-service crashes. The connected documents confirm this issue across multiple distributions (e.g., Amazon Linux 2/ALAS advisories,...

3.7CVSS6.2AI score0.00419EPSS
CVE
CVE
added 2026/01/15 2:20 p.m.36 views

CVE-2026-0992

CVE-2026-0992 in libxml2 describes an uncontrolled resource consumption vulnerability. A remote attacker can supply crafted XML catalogs containing repeated elements pointing to the same downstream catalog, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU us...

2.9CVSS6.3AI score0.00308EPSS