Lucene search
K
XmlsoftLibxml2

35 matches found

CVE
CVE
added 2024/02/04 12:0 a.m.1194 views

CVE-2024-25062

CVE-2024-25062 : Affects libxml2 prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader with DTD validation and XInclude expansion, crafted XML can trigger an xmlValidatePopElement use-after-free, as described in multiple connected sources. Impact is described as an availability co...

7.5CVSS7.4AI score0.01364EPSS
CVE
CVE
added 2024/05/13 12:0 a.m.1160 views

CVE-2024-34459

The CVE-2024-34459 issue affects libxml2’s xmllint when using --htmlout, where a formatting error in error messages can trigger a buffer over-read in xmlHTMLPrintFileContext. The vulnerability concerns xmllint and the libxml2 parser before versions 2.11.8 and 2.12.x before 2.12.7. A PoC exists pe...

7.5CVSS6.5AI score0.02298EPSS
CVE
CVE
added 2020/01/21 10:54 p.m.624 views

CVE-2020-7595

CVE-2020-7595 affects libxml2, specifically the xmlStringLenDecodeEntities function in parser.c of version 2.9.10, which can enter an infinite loop in certain end-of-file situations. Several connected advisories (e.g., ASA-202011-15) corroborate the issue and describe the impact as potential deni...

7.5CVSS7.6AI score0.07627EPSS
CVE
CVE
added 2020/01/21 10:53 p.m.573 views

CVE-2019-20388

CVE-2019-20388 affects libxml2 2.9.10. The Broadcom advisory BSNSA36819 confirms a memory leak in xmlSchemaValidateStream (xmlschemas.c) that can impact availability (memory exhaustion) when processing XML schemas. Affected component: libxml2’s xmlSchemaValidateStream; root cause relates to a lea...

7.5CVSS7.6AI score0.04268EPSS
CVE
CVE
added 2019/12/24 3:12 p.m.480 views

CVE-2019-19956

Summary (CVE-2019-19956) libxml2 before 2.9.10 contains a memory leak in xmlParseBalancedChunkMemoryRecover (parser.c) related to newDoc->oldNs. This can lead to memory not being freed (partial impact noted) and, per mapped references, contributes to DoS scenarios. The CVSS data across sources...

7.5CVSS7.5AI score0.05515EPSS
CVE
CVE
added 2022/02/26 12:0 a.m.476 views

CVE-2022-23308

CVE-2022-23308 affects libxml2 before 2.9.13, caused by a use-after-free in ID/IDREF attributes in valid.c. The NVD data shows a CVSS 3.1 base score of 7.5 (NETWORK, PR:N, UI:N, S:U, C:N/I:N/A:H) and CVSS 2.0 base score of 4.3 (NETWORK, A:P). Connected advisories confirm the same flaw and referen...

7.5CVSS7.7AI score0.0601EPSS
CVE
CVE
added 2015/12/15 9:0 p.m.424 views

CVE-2015-5312

Summary (CVE-2015-5312) A DoS via XML entity expansion was reported in libxml2 (xmlStringLenDecodeEntities in parser.c) affecting versions before 2.9.3. The issue allows a context-dependent attacker to trigger high CPU usage by processing crafted XML data, as described in the CVE entry and corrob...

7.1CVSS6.2AI score0.04537EPSS
CVE
CVE
added 2022/11/22 12:0 a.m.406 views

CVE-2022-40303

CVE-2022-40303 affects libxml2 prior to 2.10.3. When parsing multi‑gigabyte XML with XML_PARSE_HUGE enabled, integer counters can overflow and cause an access at a negative 2GB offset, typically leading to a segmentation fault. Public sources (including libxml2‑focused advisories and AWS ALAS/BSN...

7.5CVSS6.9AI score0.22791EPSS
CVE
CVE
added 2022/11/23 12:0 a.m.355 views

CVE-2022-40304

CVE-2022-40304: libxml2 before 2.10.3 contains invalid XML entity definitions that can corrupt a hash table key, potentially triggering logic errors and, in at least one case, a double-free. Affected library is libxml2; CVSS v3.1 shows base score 7.8 (HIGH) with LOCAL access, high impact. Public ...

7.8CVSS6.9AI score0.06782EPSS
CVE
CVE
added 2018/07/19 1:0 p.m.331 views

CVE-2018-14404

The CVE-2018-14404 entry affects libxml2 (up to 2.9.8). It describes a NULL pointer dereference in xpath.c:xmlXPathCompOpEval() when parsing an invalid XPath expression in the XPATH_OP_AND/OR case, potentially causing a denial-of-service crash for applications processing untrusted XSL inputs. Pub...

7.5CVSS6.3AI score0.03681EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.290 views

CVE-2025-24928

CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...

7.8CVSS7.5AI score0.00375EPSS
CVE
CVE
added 2016/05/16 10:0 a.m.281 views

CVE-2015-6837

The vulnerability CVE-2015-6837/6838 is a NULL pointer dereference in PHP’s XSLTProcessor (ext/xsl/xsltprocessor.c) when using libxslt, triggered by valuePop() returning NULL without a check. Affected PHP versions are prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13 when libxml2

7.5CVSS7.6AI score0.06574EPSS
CVE
CVE
added 2016/05/16 10:0 a.m.276 views

CVE-2015-6838

CVE-2015-6838 affects PHP’s XSLTProcessor (ext/xsl/xsltprocessor.c). When libxml2 before 2.9.2 is used, the code does not guard the return value of valuePop(), allowing a NULL pointer dereference that can crash the application (denial of service). The vulnerability is documented as: PHP versions ...

7.5CVSS7.6AI score0.07276EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.250 views

CVE-2025-27113

Summary of CVE-2025-27113 context and public details : The vulnerability is in libxml2 (affected patterns CVE-2025-27113) with a NULL pointer dereference in xmlPatMatch (pattern.c). Public documentation indicates affected releases include libxml2 versions prior to 2.12.10 and 2.13.x prior to 2.13...

7.5CVSS7.2AI score0.01009EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.245 views

CVE-2016-4447

CVE-2016-4447 affects libxml2 up to version before 2.9.4. The vulnerability is in the xmlParseElementDecl function (parser.c) where a crafted file via xmlParseName can cause a heap-based buffer underread, leading to denial of service (application crash). Remediation: upgrade to libxml2 2.9.4 or n...

7.5CVSS8.1AI score0.1398EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.240 views

CVE-2017-9047

CVE-2017-9047: libxml2 contains a stack-based buffer overflow in xmlSnprintfElementContent (valid.c) when dumping element content definitions; the check uses the pre-update length, allowing writes beyond the buffer and potentially crashing programs (e.g., PHP). The provided documents describe the...

7.5CVSS7.2AI score0.03185EPSS
CVE
CVE
added 2025/04/08 12:0 a.m.231 views

CVE-2025-32414

CVE-2025-32414 concerns libxml2 prior to 2.13.8 and 2.14.x prior to 2.14.2, where the Python bindings can trigger an out-of-bounds memory access due to an incorrect return value in the Python API. Affected code paths include xmlPythonFileRead and xmlPythonFileReadRaw, caused by a mismatch between...

7.5CVSS7.1AI score0.00355EPSS
CVE
CVE
added 2017/11/23 9:0 p.m.229 views

CVE-2017-16932

CVE-2017-16932 affects the libxml2 parser: in versions before 2.9.5, expanding a parameter entity in a DTD can result in infinite recursion, potentially leading to a denial of service or memory exhaustion. Affected component is the libxml2 XML C parser. Connected sources corroborate the issue and...

7.5CVSS6.7AI score0.05928EPSS
CVE
CVE
added 2025/04/17 12:0 a.m.205 views

CVE-2025-32415

CVE-2025-32415 affects libxml2: vulnerable in versions prior to 2.13.8 and 2.14.x prior to 2.14.2. The root cause is a heap-based buffer under-read in xmlSchemaIDCFillNodeTables (xmlschemas.c) that can be triggered by validating a crafted XML against a specific identity-constrained XML schema or ...

7.5CVSS4.1AI score0.00559EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.203 views

CVE-2017-9050

CVE-2017-9050 affects libxml2 (notably 2.9.4 builds such as 20904-GITv2.9.4-16-g0741801). Root cause: a heap-based buffer over-read in dict.c:xmlDictAddString, stemming from an incomplete fix for CVE-2016-1839. Impact: can cause a crash in applications using libxml2 (e.g., PHP). Public details in...

7.5CVSS7.5AI score0.04626EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.195 views

CVE-2016-3627

CVE-2016-9596, related to libxml2 used in Red Hat JBoss Core Services, allows a denial of service via crafted XML when in recovery mode. This vulnerability exists because of an incorrect fix for CVE-2016-3627 and results in stack consumption. The issue is specifically described as a DoS (stack gr...

7.5CVSS7AI score0.07025EPSS
CVE
CVE
added 2017/04/11 4:0 p.m.171 views

CVE-2016-4483

CVE-2016-4483 is a libxml2 serialization bug: xmlBufAttrSerializeTxtContent can trigger an out-of-bounds read when a non-UTF-8 attribute value is serialized, leading to a denial of service. Connected records note related follow-ons: CVE-2016-9598 (and CVE-2016-9596) describe DoS/out-of-bounds sce...

7.5CVSS7.2AI score0.06165EPSS
CVE
CVE
added 2025/06/12 12:49 p.m.163 views

CVE-2025-6021

Affects libxml2: multiple vendors report CVE-2025-6021 (integer overflow in xmlBuildQName causing stack-based buffer overflow). Documents show vulnerable libxml2 variants across distributions (e.g., AWS ALAS advisories for libxml2 with 2.9/2.10 lines; AIX advisory listing affected filesets; Astra...

7.5CVSS7.4AI score0.01067EPSS
CVE
CVE
added 2010/12/07 8:0 p.m.162 views

CVE-2010-4494

CVE-2010-4494 is a double-free vulnerability in libxml2 (notably 2.7.8 and related versions) used by Chrome and other products. The issue affects libxml2’s handling of XPath/XML entities and could allow a remote attacker to crash or potentially execute code via crafted XML input. Public advisorie...

7.5CVSS7.8AI score0.07533EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.158 views

CVE-2017-9049

CVE-2017-9049 affects libxml2 prior to a fix released after 2.9.4. It describes a heap-based buffer over-read in xmlDictComputeFastKey within dict.c, which can cause programs using libxml2 (e.g., PHP) to crash. The vulnerability arises from an incomplete fix (Bug 759398). Public references show t...

7.5CVSS7.4AI score0.04626EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.152 views

CVE-2016-3705

CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...

7.5CVSS7.6AI score0.05103EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.151 views

CVE-2016-4449

CVE-2016-4449 is an XML External Entity (XXE) vulnerability in libxml2’s parser.c (xmlStringLenDecodeEntities) affecting libxml2 up to version 2.9.4. ALT Linux advisory entries show a confirmed fix in libxml2 version 2.9.4.0.12.e905-alt1 (and related package updates), indicating that patches were...

7.1CVSS8.2AI score0.01661EPSS
CVE
CVE
added 2017/05/18 6:13 a.m.150 views

CVE-2017-9048

CVE-2017-9048 affects libxml2. The vulnerability is a stack-based buffer overflow in the function xmlSnprintfElementContent (valid.c): when recursively dumping element content, the code may strcat two characters after computing the current length without ensuring the buffer has space, allowing a ...

7.5CVSS6.8AI score0.04888EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.142 views

CVE-2016-1840

CVE-2016-1840: libxml2 contains a heap-based buffer overflow in xmlFAParsePosCharGroup (pre-2.9.4). Affected on Apple iOS (pre-9.3.2), OS X (pre-10.11.5), tvOS (pre-9.2.1), watchOS (pre-2.2.1); can lead to remote code execution or memory corruption. Remediation: upgrade libxml2 to 2.9.4 or later ...

7.8CVSS8.6AI score0.03239EPSS
CVE
CVE
added 2016/04/13 5:0 p.m.139 views

CVE-2015-8806

CVE-2015-8806 — libxml2 heap-buffer overread in dict.c . A remote attacker can crash an affected application by sending a crafted HTML document containing an unexpected character immediately after the "

7.5CVSS7.1AI score0.04964EPSS
CVE
CVE
added 2018/07/30 2:0 p.m.111 views

CVE-2016-9597

CVE-2016-9597 is a regression for CVE-2016-3705 where Red Hat/JBoss RHSA-2016:2957 did not include the fix for libxml2, leaving a denial-of-service risk via a stack overflow. The connected records confirm libxml2 as the affected library and document multiple publisher advisories (RHSA-2016:1292, ...

7.5CVSS7AI score0.05103EPSS
CVE
CVE
added 2013/04/25 11:0 p.m.94 views

CVE-2013-1969

CVE-2013-1969 affects libxml2 (notably 2.9.0 and possibly later) with multiple use-after-free vulnerabilities in parsing code. The advisory describes context-dependent attackers potentially crashing the process or, in some cases, executing arbitrary code via the htmlParseChunk and xmldecl_done pa...

7.5CVSS9.8AI score0.03819EPSS
CVE
CVE
added 2004/03/04 5:0 a.m.81 views

CVE-2004-0110

The CVE-2004-0110 issue is a real vulnerability in libxml (XMLSoft Libxml2) affecting versions 2.6.0–2.6.5, where a long URL can trigger a buffer overflow in the nanohttp/nanoftp URL parsing paths, enabling remote arbitrary code execution. Related CVEs (CVE-2004-0989) cover buffer overflows in FT...

7.5CVSS6.8AI score0.24232EPSS
CVE
CVE
added 2026/04/23 10:19 p.m.50 views

CVE-2026-6732

CVE-2026-6732 affects libxml2 and is triggered when parsing an XSD-validated document that contains an internal entity reference, causing a type confusion error and a DoS via crashes. The vulnerability is tied to how libxml2 processes crafted XML Schema Definition inputs, with the impact describe...

7.5CVSS5.7AI score0.00632EPSS
CVE
CVE
added 2026/06/29 1:21 p.m.29 views

CVE-2026-11979

CVE-2026-11979 affects libxml2 in the xmlcatalog utility when run in --shell mode. The usershell() function reads input into fixed-size stack buffers without proper bounds checking, allowing an overly long input line to overflow buffers (command, arg, argv) and cause stack memory corruption. Cons...

7.8CVSS6.7AI score0.00148EPSS