Xmlsoft Libxml2 vulnerabilities
126 known vulnerabilities affecting xmlsoft/libxml2.
Total CVEs
126
CISA KEV
0
Public exploits
8
Exploited in wild
2
Severity breakdown
CRITICAL16HIGH49MEDIUM56LOW4UNKNOWN1
Vulnerabilities
Page 2 of 7
CVE-2008-4409P4MEDIUMCVSS 5.0PoCv2.7.0v2.7.12008-10-03
CVE-2008-4409 [MEDIUM] CVE-2008-4409: libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, whic
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
nvd
CVE-2017-5130P3HIGHCVSS 8.8fixed in 2.9.52018-02-07
CVE-2017-5130 [HIGH] CWE-787 CVE-2017-5130: An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
nvdosv
CVE-2017-16931P3CRITICALCVSS 9.8≤ 2.9.42017-11-23
CVE-2017-16931 [CRITICAL] CWE-119 CVE-2017-16931: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro call
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
nvdosv
CVE-2016-1835P3HIGHCVSS 8.8≥ 0, < 2.9.3+dfsg1-1.12016-05-20
CVE-2016-1835 [HIGH] CVE-2016-1835: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
osv
CVE-2024-34459P3HIGHCVSS 7.5fixed in 2.11.8≥ 2.12.0, < 2.12.72024-05-14
CVE-2024-34459 [HIGH] CWE-122 CVE-2024-34459: An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
nvdosv
CVE-2026-11979P3HIGHCVSS 7.8≤ 2.15.32026-06-29
CVE-2026-11979 [HIGH] CWE-121 CVE-2026-11979: libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when runnin
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking.
By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsi
nvd
CVE-2016-1834P3HIGHCVSS 7.8fixed in 2.9.42016-05-20
CVE-2016-1834 [HIGH] CWE-119 CVE-2016-1834: Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvdosv
CVE-2017-9048P3HIGHCVSS 7.5v2.9.42017-05-18
CVE-2017-9048 [HIGH] CWE-119 CVE-2017-9048: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xml
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(bu
nvdosv
CVE-2011-0216P3CRITICALCVSS 9.3≥ 0, < 2.7.8.dfsg-5.12011-07-21
CVE-2011-0216 [CRITICAL] CVE-2011-0216: Off-by-one error in libxml in Apple Safari before 5
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
osv
CVE-2021-3516P3HIGHCVSS 7.8≥ 0, < 2.9.10+dfsg-6.62021-06-01
CVE-2021-3516 [HIGH] CVE-2021-3516: There's a flaw in libxml2's xmllint in versions before 2
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
osv
CVE-2020-7595P3HIGHCVSS 7.5v2.9.102020-01-21
CVE-2020-7595 [HIGH] CWE-835 CVE-2020-7595: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-fi
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
nvdosv
CVE-2025-24928P3HIGHCVSS 7.7fixed in 2.12.10≥ 2.13.0, < 2.13.62025-02-18
CVE-2025-24928 [HIGH] CVE-2025-24928: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElem
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
nvdosv
CVE-2026-6732P3HIGHCVSS 7.5≥ 2.13.0, < 2.15.32026-04-23
CVE-2026-6732 [HIGH] CWE-843 CVE-2026-6732: A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafte
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial
nvd
CVE-2022-23308P3HIGHCVSS 7.5fixed in 2.9.132022-02-26
CVE-2022-23308 [HIGH] CWE-416 CVE-2022-23308: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
nvdosv
CVE-2016-1840P3HIGHCVSS 7.8fixed in 2.9.42016-05-20
CVE-2016-1840 [HIGH] CWE-119 CVE-2016-1840: Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used i
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvdosv
CVE-2025-6021P3HIGHCVSS 7.5fixed in 2.14.42025-06-12
CVE-2025-6021 [HIGH] CWE-787 CVE-2025-6021: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
nvdosv
CVE-2017-0663P3HIGHCVSS 7.8≥ 0, < 2.9.4+dfsg1-3.12017-06-14
CVE-2017-0663 [HIGH] CVE-2017-0663: A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android.
osv
CVE-2016-4447P3HIGHCVSS 7.5≤ 2.9.32016-06-09
CVE-2016-4447 [HIGH] CWE-119 CVE-2016-4447: The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attack
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
nvdosv
CVE-2024-25062P3HIGHCVSS 7.5fixed in 2.11.7≥ 2.12.0, < 2.12.52024-02-04
CVE-2024-25062 [HIGH] CWE-416 CVE-2024-25062: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
nvdosv
CVE-2017-16932P3HIGHCVSS 7.5≤ 2.9.42017-11-23
CVE-2017-16932 [HIGH] CWE-835 CVE-2017-16932: parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
nvdosv