CVE-2025-25341
- EPSS 0.03%
- Veröffentlicht 26.12.2025 00:00:00
- Zuletzt bearbeitet 31.12.2025 21:37:22
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).
CVE-2024-34391
- EPSS 3.18%
- Veröffentlicht 02.05.2024 19:15:06
- Zuletzt bearbeitet 10.10.2025 18:20:45
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit syst...
CVE-2024-34392
- EPSS 3.18%
- Veröffentlicht 02.05.2024 19:15:06
- Zuletzt bearbeitet 10.10.2025 18:19:30
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability ...
CVE-2024-34393
- EPSS 3.26%
- Veröffentlicht 02.05.2024 19:15:06
- Zuletzt bearbeitet 25.11.2024 13:15:06
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit sys...
CVE-2022-21144
- EPSS 0.18%
- Veröffentlicht 01.05.2022 16:15:07
- Zuletzt bearbeitet 21.11.2024 06:43:58
This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V...