Xmlsoft Libxml2 vulnerabilities
126 known vulnerabilities affecting xmlsoft/libxml2.
Total CVEs
126
CISA KEV
0
Public exploits
8
Exploited in wild
2
Severity breakdown
CRITICAL16HIGH49MEDIUM56LOW4UNKNOWN1
Vulnerabilities
Page 3 of 7
CVE-2015-8710P3CRITICALCVSS 9.8fixed in 2.9.32016-04-11
CVE-2015-8710 [CRITICAL] CWE-119 CVE-2015-8710: The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive inform
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
nvdosv
CVE-2017-9050P3HIGHCVSS 7.5v2.9.42017-05-18
CVE-2017-9050 [HIGH] CVE-2017-9050: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAdd
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
nvdosv
CVE-2008-4226P3CRITICALCVSS 10.0≥ 0, < 2.6.32.dfsg-52008-11-25
CVE-2008-4226 [CRITICAL] CVE-2008-4226: Integer overflow in the xmlSAX2Characters function in libxml2 2
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
osv
CVE-2016-1762P3HIGHCVSS 8.1fixed in 2.9.42016-03-24
CVE-2016-1762 [HIGH] CWE-119 CVE-2016-1762: The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of servic
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
nvdosv
CVE-2022-49043P3HIGHCVSS 7.8fixed in 2.11.0≥ 2.0.0, < 2.11.02025-01-26
CVE-2022-49043 [HIGH] CWE-416 CVE-2022-49043: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
nvdosv
CVE-2025-32415P3HIGHCVSS 7.5fixed in 2.13.8≥ 2.14.0, < 2.14.22025-04-17
CVE-2025-32415 [HIGH] CWE-1284 CVE-2025-32415: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
nvdosv
CVE-2016-9597P3HIGHCVSS 7.5v2.9.32018-07-30
CVE-2016-9597 [HIGH] CVE-2016-9597: It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actua
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
nvd
CVE-2017-9047P3HIGHCVSS 7.5v2.9.4fixed in 2.12.10+1 more2017-05-18
CVE-2017-9047 [HIGH] CWE-119 CVE-2017-9047: A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfEle
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is a
nvdosv
CVE-2017-8872P3CRITICALCVSS 9.1v2.9.42017-05-10
CVE-2017-8872 [CRITICAL] CWE-125 CVE-2017-8872: The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denia
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
nvdosv
CVE-2017-9049P3HIGHCVSS 7.5v2.9.42017-05-18
CVE-2017-9049 [HIGH] CWE-125 CVE-2017-9049: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictCom
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
nvdosv
CVE-2013-0339P3MEDIUMCVSS 6.8≤ 2.9.1v1.7.0+124 more2014-01-21
CVE-2013-0339 [MEDIUM] CWE-264 CVE-2013-0339: libxml2 through 2.9.1 does not properly handle external entities expansion unless an application dev
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, a
nvdosv
CVE-2015-6838P3HIGHCVSS 7.5≤ 2.9.12016-05-16
CVE-2015-6838 [HIGH] CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service
nvd
CVE-2025-27113P3HIGHCVSS 7.5fixed in 2.12.10≥ 2.13.0, < 2.13.62025-02-18
CVE-2025-27113 [HIGH] CWE-476 CVE-2025-27113: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pat
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
nvdosv
CVE-2015-6837P3HIGHCVSS 7.5≤ 2.9.12016-05-16
CVE-2015-6837 [HIGH] CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NU
nvd
CVE-2019-20388P3HIGHCVSS 7.5v2.9.102020-01-21
CVE-2019-20388 [HIGH] CWE-401 CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
nvdosv
CVE-2013-1969P3HIGHCVSS 7.5v2.9.02013-04-25
CVE-2013-1969 [HIGH] CWE-399 CVE-2013-1969: Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow con
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
nvd
CVE-2012-5134P3MEDIUMCVSS 6.8≤ 2.9.0v1.7.0+115 more2012-11-28
CVE-2012-5134 [MEDIUM] CWE-119 CVE-2012-5134: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
nvdosv
CVE-2022-2309P3HIGHCVSS 7.5≥ 0, < 2.9.10+dfsg-6.7+deb11u5≥ 0, < 2.9.14+dfsg-1.3~deb12u1+1 more2022-07-05
CVE-2022-2309 [HIGH] CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwa
osv
CVE-2010-4494P3HIGHCVSS 7.5≤ 2.7.82010-12-07
CVE-2010-4494 [HIGH] CWE-415 CVE-2010-4494: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.5
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
nvdosv
CVE-2016-3627P3HIGHCVSS 7.5≤ 2.9.32016-05-17
CVE-2016-3627 [HIGH] CWE-674 CVE-2016-3627: The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
nvdosv