Xmlsoft

Libxml2

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.33%
  • Veröffentlicht 08.04.2025 03:15:15
  • Zuletzt bearbeitet 03.11.2025 20:18:27

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference betwe...

  • EPSS 0.38%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 03.11.2025 22:18:40

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Exploit
  • EPSS 1.01%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 03.11.2025 22:18:43

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

  • EPSS 1.13%
  • Veröffentlicht 18.02.2025 22:15:12
  • Zuletzt bearbeitet 03.11.2025 21:17:50

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity...

  • EPSS 0.26%
  • Veröffentlicht 26.01.2025 06:15:21
  • Zuletzt bearbeitet 03.11.2025 21:15:55

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

Medienbericht
  • EPSS 1.19%
  • Veröffentlicht 23.12.2024 17:15:08
  • Zuletzt bearbeitet 25.11.2025 13:32:32

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possi...

Exploit
  • EPSS 2.3%
  • Veröffentlicht 14.05.2024 15:39:11
  • Zuletzt bearbeitet 04.11.2025 22:16:01

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

Exploit
  • EPSS 1.36%
  • Veröffentlicht 04.02.2024 16:15:45
  • Zuletzt bearbeitet 03.11.2025 22:16:47

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

  • EPSS 0.83%
  • Veröffentlicht 06.10.2023 22:15:11
  • Zuletzt bearbeitet 03.11.2025 21:16:01

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... be...

Exploit
  • EPSS 0.67%
  • Veröffentlicht 29.08.2023 17:15:12
  • Zuletzt bearbeitet 03.11.2025 21:15:59

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vend...