3 matches found
CVE-2024-40896
CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...
CVE-2024-25062
CVE-2024-25062 : Affects libxml2 prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader with DTD validation and XInclude expansion, crafted XML can trigger an xmlValidatePopElement use-after-free, as described in multiple connected sources. Impact is described as an availability co...
CVE-2024-34459
The CVE-2024-34459 issue affects libxml2’s xmllint when using --htmlout, where a formatting error in error messages can trigger a buffer over-read in xmlHTMLPrintFileContext. The vulnerability concerns xmllint and the libxml2 parser before versions 2.11.8 and 2.12.x before 2.12.7. A PoC exists pe...