Xmlsoft

Libxml2

97 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2025-9714

  • EPSS 0.01%
  • Veröffentlicht 10.09.2025 18:43:12
  • Zuletzt bearbeitet 17.09.2025 21:13:10

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEval...

2.5

CVE-2025-6170

  • EPSS 0.02%
  • Veröffentlicht 16.06.2025 15:24:05
  • Zuletzt bearbeitet 12.08.2025 13:04:06

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...

7.5

CVE-2025-32415

Exploit
  • EPSS 0.02%
  • Veröffentlicht 17.04.2025 00:00:00
  • Zuletzt bearbeitet 23.04.2025 18:17:52

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a ...

7.5

CVE-2025-32414

Exploit
  • EPSS 0.04%
  • Veröffentlicht 08.04.2025 03:15:15
  • Zuletzt bearbeitet 23.04.2025 19:09:35

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference betwe...

7.5

CVE-2025-27113

Exploit
  • EPSS 0.06%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 07.03.2025 01:15:12

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

7.8

CVE-2025-24928

  • EPSS 0.01%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 21.03.2025 18:15:34

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

7.8

CVE-2024-56171

  • EPSS 0.01%
  • Veröffentlicht 18.02.2025 22:15:12
  • Zuletzt bearbeitet 28.03.2025 15:15:46

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity...

7.8

CVE-2022-49043

  • EPSS 0.04%
  • Veröffentlicht 26.01.2025 06:15:21
  • Zuletzt bearbeitet 07.10.2025 16:24:00

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

7.5

CVE-2024-25062

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.02.2024 16:15:45
  • Zuletzt bearbeitet 09.05.2025 18:16:03

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

6.5

CVE-2023-45322

  • EPSS 0.08%
  • Veröffentlicht 06.10.2023 22:15:11
  • Zuletzt bearbeitet 21.11.2024 08:26:44

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... be...