Xmlsoft Libxml2 vulnerabilities
126 known vulnerabilities affecting xmlsoft/libxml2.
Total CVEs
126
CISA KEV
0
Public exploits
8
Exploited in wild
2
Severity breakdown
CRITICAL16HIGH49MEDIUM55LOW5UNKNOWN1
Vulnerabilities
Page 4 of 7
CVE-2025-32414P3HIGHCVSS 7.5fixed in 2.13.8≥ 2.14.0, < 2.14.22025-04-08
CVE-2025-32414 [HIGH] CWE-393 CVE-2025-32414: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Pyth
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
nvdosv
CVE-2016-5131P3HIGHCVSS 8.8≤ 2.9.42016-07-23
CVE-2016-5131 [HIGH] CWE-416 CVE-2016-5131: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
nvdosv
CVE-2019-19956P3HIGHCVSS 7.5fixed in 2.9.102019-12-24
CVE-2019-19956 [HIGH] CWE-401 CVE-2019-19956: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
nvdosv
CVE-2016-3705P3HIGHCVSS 7.5v2.9.32016-05-17
CVE-2016-3705 [HIGH] CWE-20 CVE-2016-3705: The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
nvdosv
CVE-2016-4483P3HIGHCVSS 7.5fixed in 2.9.42017-04-11
CVE-2016-4483 [HIGH] CWE-502 CVE-2016-4483: The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attacker
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
nvdosv
CVE-2011-3919P3HIGHCVSS 7.5≥ 0, < 2.7.8.dfsg-72012-01-07
CVE-2011-3919 [HIGH] CVE-2011-3919: Heap-based buffer overflow in libxml2, as used in Google Chrome before 16
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
osv
CVE-2015-8806P3HIGHCVSS 7.5fixed in 2.9.42016-04-13
CVE-2015-8806 [HIGH] CVE-2015-8806: dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
nvdosv
CVE-2015-5312P4HIGHCVSS 7.1≤ 2.9.22015-12-15
CVE-2015-5312 [HIGH] CVE-2015-5312: The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly preven
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
nvdosv
CVE-2026-0990P3MEDIUMCVSS 5.9fixed in 2.15.22026-01-15
CVE-2026-0990 [MEDIUM] CWE-674 CVE-2026-0990: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occur
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recu
nvdosv
CVE-2015-8241P4MEDIUMCVSS 6.4≤ 2.9.22015-12-15
CVE-2015-8241 [MEDIUM] CWE-119 CVE-2015-8241: The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-de
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
nvdosv
CVE-2020-24977P4MEDIUMCVSS 6.5v2.9.102020-09-04
CVE-2020-24977 [MEDIUM] CWE-125 CVE-2020-24977: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesIntern
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
nvdosv
CVE-2022-29824P4MEDIUMCVSS 6.5fixed in 2.9.142022-05-03
CVE-2022-29824 [MEDIUM] CWE-190 CVE-2022-29824: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is af
nvdosv
CVE-2015-7942P4MEDIUMCVSS 6.8v2.9.22015-11-18
CVE-2015-7942 [MEDIUM] CVE-2015-7942: The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
nvdosv
CVE-2015-7498P4MEDIUMCVSS 5.0≤ 2.9.22015-12-15
CVE-2015-7498 [MEDIUM] CWE-119 CVE-2015-7498: Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allow
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
nvdosv
CVE-2016-4449P4HIGHCVSS 7.1≤ 2.9.32016-06-09
CVE-2016-4449 [HIGH] CWE-20 CVE-2016-4449: XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in li
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
nvdosv
CVE-2021-3541P4MEDIUMCVSS 6.5fixed in 2.9.11v2.9.112021-07-09
CVE-2021-3541 [MEDIUM] CWE-776 CVE-2021-3541: A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
nvdosv
CVE-2008-4225P4HIGHCVSS 7.8≥ 0, < 2.6.32.dfsg-52008-11-25
CVE-2008-4225 [HIGH] CVE-2008-4225: Integer overflow in the xmlBufferResize function in libxml2 2
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
osv
CVE-2015-7497P4MEDIUMCVSS 5.0≤ 2.9.22015-12-15
CVE-2015-7497 [MEDIUM] CWE-119 CVE-2015-7497: Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
nvdosv
CVE-2021-3537P4MEDIUMCVSS 5.9fixed in 2.9.11vlibxml2 2.9.112021-05-14
CVE-2021-3537 [MEDIUM] CWE-476 CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors wh
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability
nvdosv
CVE-2018-14567P4MEDIUMCVSS 6.5v2.9.82018-08-16
CVE-2018-14567 [MEDIUM] CVE-2018-14567: libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinit
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
nvdosv