Xmlsoft

Libxml2

97 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.01%
  • Published 10.09.2025 18:43:12
  • Last modified 17.09.2025 21:13:10

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEval...

  • EPSS 0.02%
  • Published 16.06.2025 15:24:05
  • Last modified 12.08.2025 13:04:06

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...

Exploit
  • EPSS 0.02%
  • Published 17.04.2025 00:00:00
  • Last modified 23.04.2025 18:17:52

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a ...

Exploit
  • EPSS 0.04%
  • Published 08.04.2025 03:15:15
  • Last modified 23.04.2025 19:09:35

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference betwe...

Exploit
  • EPSS 0.06%
  • Published 18.02.2025 23:15:10
  • Last modified 07.03.2025 01:15:12

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

  • EPSS 0.01%
  • Published 18.02.2025 23:15:10
  • Last modified 21.03.2025 18:15:34

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

  • EPSS 0.01%
  • Published 18.02.2025 22:15:12
  • Last modified 28.03.2025 15:15:46

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity...

  • EPSS 0.04%
  • Published 26.01.2025 06:15:21
  • Last modified 07.10.2025 16:24:00

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

Exploit
  • EPSS 0.11%
  • Published 04.02.2024 16:15:45
  • Last modified 09.05.2025 18:16:03

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

  • EPSS 0.08%
  • Published 06.10.2023 22:15:11
  • Last modified 21.11.2024 08:26:44

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... be...