Xmlsoft

Libxml2

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.09%
  • Veröffentlicht 24.04.2023 21:15:09
  • Zuletzt bearbeitet 30.05.2025 20:15:31

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

  • EPSS 1.01%
  • Veröffentlicht 24.04.2023 21:15:09
  • Zuletzt bearbeitet 04.02.2025 21:15:23

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This...

  • EPSS 6.78%
  • Veröffentlicht 23.11.2022 18:15:12
  • Zuletzt bearbeitet 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

  • EPSS 22.79%
  • Veröffentlicht 23.11.2022 00:15:11
  • Zuletzt bearbeitet 29.04.2025 05:15:43

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset,...

Exploit
  • EPSS 0.76%
  • Veröffentlicht 28.07.2022 17:15:07
  • Zuletzt bearbeitet 04.11.2025 16:15:36

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

Exploit
  • EPSS 3.63%
  • Veröffentlicht 03.05.2022 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...

  • EPSS 6.01%
  • Veröffentlicht 26.02.2022 05:15:08
  • Zuletzt bearbeitet 05.05.2025 17:17:56

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

  • EPSS 1.86%
  • Veröffentlicht 09.07.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:48

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

  • EPSS 8.28%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 02.12.2025 22:16:07

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

  • EPSS 3.65%
  • Veröffentlicht 18.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...