5 matches found
CVE-2024-40896
CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...
CVE-2024-56171
CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...
CVE-2025-24928
CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...
CVE-2025-27113
Summary of CVE-2025-27113 context and public details : The vulnerability is in libxml2 (affected patterns CVE-2025-27113) with a NULL pointer dereference in xmlPatMatch (pattern.c). Public documentation indicates affected releases include libxml2 versions prior to 2.12.10 and 2.13.x prior to 2.13...
CVE-2026-6732
CVE-2026-6732 affects libxml2 and is triggered when parsing an XSD-validated document that contains an internal entity reference, causing a type confusion error and a DoS via crashes. The vulnerability is tied to how libxml2 processes crafted XML Schema Definition inputs, with the impact describe...