Xmlsoft Libxml2 vulnerabilities
126 known vulnerabilities affecting xmlsoft/libxml2.
Total CVEs: 126
CISA KEV: 0
Public exploits: 8
Exploited in wild: 2
Severity breakdown
CRITICAL: 16, HIGH: 49, MEDIUM: 56, LOW: 4, UNKNOWN: 1
Vulnerabilities
Page 1 of 7
CVE-2022-40303 | P2 | HIGH | CVSS 7.5 | CWE-190 | Exploited | fixed in 2.10.3 | 2022-11-23
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Sources: NVD, OSV
CVE-2022-40304 | P2 | HIGH | CVSS 7.8 | CWE-415 | Exploited | fixed in 2.10.3 | 2022-11-23
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Sources: NVD, OSV
CVE-2008-3529 | P2 | CRITICAL | CVSS 10.0 | CWE-119 | PoC | fixed in 2.7.0 | 2008-09-12
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Sources: NVD, OSV
CVE-2011-1944 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | PoC | v2.6.0, v2.6.1, +30 more | 2011-09-02
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPat
Sources: NVD, OSV
CVE-2004-0989 | P3 | CRITICAL | CVSS 10.0 | PoC | v2.5.11, v2.6.6, +7 more | 2005-03-01
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflow
Sources: NVD, OSV
CVE-2017-7376 | P2 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 2.9.5 | 2018-02-19
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Sources: NVD, OSV
CVE-2004-0110 | P3 | HIGH | CVSS 7.5 | PoC | v2.4.19, v2.4.23, +9 more | 2004-03-15
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
Sources: NVD, OSV
CVE-2021-3517 | P3 | HIGH | CVSS 8.6 | CWE-787 | fixed in 2.9.11 | vlibxml2 2.9.11 | 2021-05-19
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential im
Sources: NVD, OSV
CVE-2014-0191 | P4 | MEDIUM | CVSS 4.3 | PoC | ≥ 0, < 2.9.1+dfsg1-4 | 2015-01-21
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML docu
Sources: OSV
CVE-2016-1839 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | PoC | fixed in 2.9.4 | 2016-05-20
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Sources: NVD, OSV
CVE-2016-1838 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | PoC | ≤ 2.9.4 | 2016-05-20
The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Sources: NVD, OSV
CVE-2016-4658 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 2.9.5 | 2016-09-25
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
Sources: NVD, OSV
CVE-2025-49796 | P3 | CRITICAL | CVSS 9.1 | ≥ 0, < 2.9.10+dfsg-6.7+deb11u8 | ≥ 0, < 2.9.14+dfsg-1.3~deb12u3 | +1 more | 2025-06-16
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Sources: OSV
CVE-2017-7375 | P3 | CRITICAL | CVSS 9.8 | CWE-611 | ≤ 2.9.4 | v2.9.4 | 2018-02-19
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expo
Sources: NVD, OSV
CVE-2021-3518 | P3 | HIGH | CVSS 8.8 | CWE-416 | fixed in 2.9.11 | vlibxml2 2.9.11 | 2021-05-18
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Sources: NVD, OSV
CVE-2024-56171 | P3 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 2.12.10 | ≥ 2.13.0, < 2.13.6 | 2025-02-18
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Sources: NVD, OSV
CVE-2025-49794 | P3 | CRITICAL | CVSS 9.1 | ≥ 0, < 2.9.10+dfsg-6.7+deb11u8 | ≥ 0, < 2.9.14+dfsg-1.3~deb12u3 | +1 more | 2025-06-16
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Sources: OSV
CVE-2016-4448 | P3 | CRITICAL | CVSS 9.8 | CWE-134 | ≤ 2.9.3 | 2016-06-09
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Sources: NVD, OSV
CVE-2024-40896 | P3 | CRITICAL | CVSS 9.1 | CWE-611 | ≥ 2.11.0, < 2.11.9 | ≥ 2.12.0, < 2.12.9 | +1 more | 2024-12-23
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
Sources: NVD, OSV
CVE-2017-15412 | P3 | HIGH | CVSS 8.8 | CWE-416 | fixed in 2.9.5 | 2018-08-28
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Sources: NVD, OSV