CVE-2026-11979
- EPSS 0.15%
- Veröffentlicht 29.06.2026 13:21:42
- Zuletzt bearbeitet 30.06.2026 20:22:07
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly...
CVE-2026-6732
- EPSS 0.63%
- Veröffentlicht 23.04.2026 22:19:34
- Zuletzt bearbeitet 30.06.2026 20:16:50
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious d...
CVE-2026-0992
- EPSS 0.31%
- Veröffentlicht 15.01.2026 14:20:24
- Zuletzt bearbeitet 30.06.2026 20:17:25
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this...
CVE-2026-0989
- EPSS 0.42%
- Veröffentlicht 15.01.2026 14:20:23
- Zuletzt bearbeitet 30.06.2026 20:20:47
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schem...
CVE-2026-0990
- EPSS 0.76%
- Veröffentlicht 15.01.2026 14:20:06
- Zuletzt bearbeitet 30.06.2026 20:18:46
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit th...
CVE-2025-9714
- EPSS 0.14%
- Veröffentlicht 10.09.2025 18:43:12
- Zuletzt bearbeitet 12.05.2026 13:17:30
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEval...
CVE-2025-8732
- EPSS 0.16%
- Veröffentlicht 08.08.2025 16:32:06
- Zuletzt bearbeitet 01.07.2026 15:25:19
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a ...
CVE-2025-6170
- EPSS 0.19%
- Veröffentlicht 16.06.2025 15:24:05
- Zuletzt bearbeitet 08.07.2026 15:16:24
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...
CVE-2025-6021
- EPSS 1.07%
- Veröffentlicht 12.06.2025 12:49:16
- Zuletzt bearbeitet 30.06.2026 11:16:27
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
CVE-2025-32415
- EPSS 0.56%
- Veröffentlicht 17.04.2025 00:00:00
- Zuletzt bearbeitet 03.11.2025 20:18:27
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a ...