Xmlsoft

Libxml2

100 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-34459

Exploit
  • EPSS 0.85%
  • Veröffentlicht 14.05.2024 15:39:11
  • Zuletzt bearbeitet 04.11.2025 22:16:01

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

7.5

CVE-2024-25062

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.02.2024 16:15:45
  • Zuletzt bearbeitet 03.11.2025 22:16:47

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

6.5

CVE-2023-45322

  • EPSS 0.08%
  • Veröffentlicht 06.10.2023 22:15:11
  • Zuletzt bearbeitet 03.11.2025 21:16:01

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... be...

6.5

CVE-2023-39615

Exploit
  • EPSS 0.11%
  • Veröffentlicht 29.08.2023 17:15:12
  • Zuletzt bearbeitet 03.11.2025 21:15:59

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vend...

6.5

CVE-2023-29469

  • EPSS 0.05%
  • Veröffentlicht 24.04.2023 21:15:09
  • Zuletzt bearbeitet 04.02.2025 21:15:23

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This...

6.5

CVE-2023-28484

Exploit
  • EPSS 0.24%
  • Veröffentlicht 24.04.2023 21:15:09
  • Zuletzt bearbeitet 30.05.2025 20:15:31

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

7.8

CVE-2022-40304

  • EPSS 0.11%
  • Veröffentlicht 23.11.2022 18:15:12
  • Zuletzt bearbeitet 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.5

CVE-2022-40303

  • EPSS 0.18%
  • Veröffentlicht 23.11.2022 00:15:11
  • Zuletzt bearbeitet 29.04.2025 05:15:43

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset,...

6.1

CVE-2016-3709

Exploit
  • EPSS 0.12%
  • Veröffentlicht 28.07.2022 17:15:07
  • Zuletzt bearbeitet 04.11.2025 16:15:36

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

6.5

CVE-2022-29824

Exploit
  • EPSS 0.07%
  • Veröffentlicht 03.05.2022 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...