Libxml2 Security Vulnerabilities and Issues — Libxml2 CVE List

Lucene search

XmlsoftLibxml2

5 matches found

CVE•added 2022/02/26 5:15 a.m.•413 views

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5CVSS7.7AI score0.00026EPSS

CVE•added 2022/05/03 3:15 a.m.•360 views

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer ...

6.5CVSS6.8AI score0.00041EPSS

CVE•added 2022/11/23 12:15 a.m.•333 views

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

7.5CVSS6.9AI score0.00163EPSS

CVE•added 2022/07/28 5:15 p.m.•325 views

CVE-2016-3709

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

6.1CVSS6AI score0.00109EPSS

CVE•added 2022/11/23 6:15 p.m.•290 views

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.8CVSS6.9AI score0.00079EPSS