Xmlsoft

Libxml2

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-6732

Exploit
  • EPSS 0.06%
  • Veröffentlicht 23.04.2026 22:19:34
  • Zuletzt bearbeitet 15.05.2026 14:36:35

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious d...

5.5

CVE-2025-9714

  • EPSS 0.01%
  • Veröffentlicht 10.09.2025 18:43:12
  • Zuletzt bearbeitet 12.05.2026 13:17:30

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEval...

2.5

CVE-2025-6170

  • EPSS 0.03%
  • Veröffentlicht 16.06.2025 15:24:05
  • Zuletzt bearbeitet 19.04.2026 20:16:22

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...

7.5

CVE-2025-6021

Medienbericht Exploit
  • EPSS 2.12%
  • Veröffentlicht 12.06.2025 12:49:16
  • Zuletzt bearbeitet 12.05.2026 13:17:27

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

7.5

CVE-2025-32415

Exploit
  • EPSS 0.07%
  • Veröffentlicht 17.04.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 20:18:27

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a ...

7.5

CVE-2025-32414

Exploit
  • EPSS 0.18%
  • Veröffentlicht 08.04.2025 03:15:15
  • Zuletzt bearbeitet 03.11.2025 20:18:27

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference betwe...

7.7

CVE-2025-24928

  • EPSS 0.24%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 03.11.2025 22:18:40

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

7.5

CVE-2025-27113

Exploit
  • EPSS 0.09%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 03.11.2025 22:18:43

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

9.8

CVE-2024-56171

  • EPSS 0.18%
  • Veröffentlicht 18.02.2025 22:15:12
  • Zuletzt bearbeitet 03.11.2025 21:17:50

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity...

7.8

CVE-2022-49043

  • EPSS 0.22%
  • Veröffentlicht 26.01.2025 06:15:21
  • Zuletzt bearbeitet 03.11.2025 21:15:55

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.