Xmlsoft Libxml2 vulnerabilities
126 known vulnerabilities affecting xmlsoft/libxml2.
Total CVEs: 126
CISA KEV: 0
Public exploits: 8
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 49, MEDIUM 55, LOW 5, UNKNOWN 1
Vulnerabilities
Page 7 of 7
CVE-2010-4008 | P4 | MEDIUM | CVSS 4.3 | CWE-119 | fixed in 2.7.8 | 2010-11-17
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Sources: nvd, osv
CVE-2026-0989 | P4 | LOW | CVSS 3.7 | CWE-674 | fixed in 2.15.2 | 2026-01-15
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating
Sources: nvd, osv
CVE-2025-8732 | P4 | LOW | CVSS 3.3 | CWE-404 | fixed in 2.15.2, v2.14.0 +5 more | 2025-08-08
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vuln
Sources: nvd, osv
CVE-2026-0992 | P4 | LOW | CVSS 2.9 | CWE-400 | fixed in 2.15.2 | 2026-01-15
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU c
Sources: nvd, osv
CVE-2025-6170 | P4 | LOW | CVSS 2.5 | ≥ 0, < 2.9.10+dfsg-6.7+deb11u8 | ≥ 0, < 2.9.14+dfsg-1.3~deb12u3 | +1 more | 2025-06-16
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
Source: osv
CVE-2025-12863 | UNKNOWN | ≥ 0, < 2.15.1+dfsg-0.4 | 2025-11-07
A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that ac
Source: osv