Lucene search
K
XmlsoftLibxml22.13.0

5 matches found

CVE
CVE
added 2024/12/23 12:0 a.m.1391 views

CVE-2024-40896

CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...

9.1CVSS6.5AI score0.01192EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.334 views

CVE-2024-56171

CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...

9.8CVSS7.2AI score0.0113EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.287 views

CVE-2025-24928

CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...

7.8CVSS7.5AI score0.00375EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.240 views

CVE-2025-27113

Summary of CVE-2025-27113 context and public details : The vulnerability is in libxml2 (affected patterns CVE-2025-27113) with a NULL pointer dereference in xmlPatMatch (pattern.c). Public documentation indicates affected releases include libxml2 versions prior to 2.12.10 and 2.13.x prior to 2.13...

7.5CVSS7.2AI score0.01009EPSS
CVE
CVE
added 2026/04/23 10:19 p.m.44 views

CVE-2026-6732

CVE-2026-6732 affects libxml2 and is triggered when parsing an XSD-validated document that contains an internal entity reference, causing a type confusion error and a DoS via crashes. The vulnerability is tied to how libxml2 processes crafted XML Schema Definition inputs, with the impact describe...

7.5CVSS5.7AI score0.00632EPSS