cvebase

Xmlsoft Libxml2 vulnerabilities

126 known vulnerabilities affecting xmlsoft/libxml2.

Total CVEs: 126
CISA KEV: 0
Public exploits: 8
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 49, MEDIUM 55, LOW 5, UNKNOWN 1

Vulnerabilities

Page 5 of 7
CVE-2015-7499 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.9.2 | 2015-12-15
CWE-119: Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Sources: nvd, osv
CVE-2015-1819 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2.9.1+dfsg1-3ubuntu4.5 | 2015-11-16
libxml2 vulnerabilities: Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819) Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If
Sources: osv
CVE-2023-29469 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.10.4 | 2023-04-24
CWE-415: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value
Sources: nvd, osv
CVE-2023-45322 | P4 | MEDIUM | CVSS 6.5 | ≤ 2.11.5 | 2023-10-06
CWE-416: libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
Sources: nvd, osv
CVE-2016-9318 | P4 | MEDIUM | CVSS 5.5 | ≤ 2.9.4 | 2016-11-16
CWE-611: libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Sources: nvd, osv
CVE-2011-2821 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 2.7.8.dfsg-5 | 2011-08-29
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Sources: osv
CVE-2018-14404 | P4 | MEDIUM | CVSS 6.5 | ≤ 2.9.8 | 2018-07-19
CWE-476: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash
Sources: nvd, osv
CVE-2014-3660 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.9.1, v2.0.0, +106 more | 2014-11-04
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
Sources: nvd, osv
CVE-2012-2871 | P4 | MEDIUM | CVSS 6.8 | ≤ 2.9.0 | 2012-08-31
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Sources: nvd
CVE-2015-8317 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.9.2 | 2015-12-15
CWE-119: The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
Sources: nvd, osv
CVE-2017-18258 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.9.6 | 2018-04-08
CWE-770: The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Sources: nvd, osv
CVE-2015-8242 | P4 | MEDIUM | CVSS 5.8 | ≤ 2.9.2 | 2015-12-15
CWE-119: The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Sources: nvd, osv
CVE-2016-1837 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.9.4 | 2016-05-20
CWE-416: Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
Sources: nvd, osv
CVE-2016-1836 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.9.4 | 2016-05-20
CWE-416: Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
Sources: nvd, osv
CVE-2023-28484 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.10.4 | 2023-04-24
CWE-476: In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Sources: nvd, osv
CVE-2026-1757 | P4 | MEDIUM | CVSS 6.2 | ≥ 0, < 2.15.2+dfsg-0.1 | 2026-02-02
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocat
Sources: osv
CVE-2016-2073 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.9.4 | 2016-02-12
CWE-119: The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
Sources: nvd, osv
CVE-2012-2807 | P4 | MEDIUM | CVSS 6.8 | ≥ 0, < 2.8.0+dfsg1-5 | 2012-06-27
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Sources: osv
CVE-2015-7500 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.9.2 | 2015-12-15
CWE-119: The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
Sources: nvd, osv
CVE-2023-39615 | P4 | MEDIUM | CVSS 6.5 | v2.11.0 | 2023-08-29
CWE-119: Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; t
Sources: nvd, osv