rpm package
almalinux/libxml2-devel
pkg:rpm/almalinux/libxml2-devel
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9714 | Med | 6.2 | | < 2.9.13-14.el9_7 | 2.9.13-14.el9_7 | Sep 10, 2025 | Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion |
| CVE-2025-7425 | Hig | 7.8 | | < 2.9.13-11.el9_6 | 2.9.13-11.el9_6 | Jul 10, 2025 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, |
| CVE-2025-49796 | Cri | 9.1 | | < 2.12.5-7.el10_0 | 2.12.5-7.el10_0 | Jun 16, 2025 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other poss |
| CVE-2025-49795 | Hig | 7.5 | | < 2.12.5-7.el10_0 | 2.12.5-7.el10_0 | Jun 16, 2025 | A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. |
| CVE-2025-49794 | Cri | 9.1 | | < 2.12.5-7.el10_0 | 2.12.5-7.el10_0 | Jun 16, 2025 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the `<sch:name path="..."/>` schema elements. This flaw allows a malicious actor to craft a malicious XML document used as inpu |
| CVE-2025-6021 | Hig | 7.5 | | < 2.12.5-7.el10_0 | 2.12.5-7.el10_0 | Jun 12, 2025 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. |
| CVE-2025-32415 | — | | | < 2.9.7-21.el8_10.3 | 2.9.7-21.el8_10.3 | Apr 17, 2025 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be use |
| CVE-2025-32414 | — | | | < 2.9.13-12.el9_6 | 2.9.13-12.el9_6 | Apr 8, 2025 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. |
| CVE-2025-24928 | — | | | < 2.9.13-6.el9_5.2 | 2.9.13-6.el9_5.2 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. |
| CVE-2024-56171 | — | | | < 2.9.13-6.el9_5.2 | 2.9.13-6.el9_5.2 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML |
| CVE-2022-49043 | — | | | < 2.9.13-6.el9_5.1 | 2.9.13-6.el9_5.1 | Jan 26, 2025 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
| CVE-2024-25062 | — | | | < 2.9.13-6.el9_4 | 2.9.13-6.el9_4 | Feb 4, 2024 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. |
| CVE-2023-39615 | — | | | < 2.9.13-5.el9_3 | 2.9.13-5.el9_3 | Aug 29, 2023 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the prod |
| CVE-2023-29469 | — | | | < 2.9.13-3.el9_2.1 | 2.9.13-3.el9_2.1 | Apr 24, 2023 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there |
| CVE-2023-28484 | — | | | < 2.9.13-3.el9_2.1 | 2.9.13-3.el9_2.1 | Apr 24, 2023 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. |
| CVE-2022-40304 | — | | | < 2.9.7-15.el8_7.1 | 2.9.7-15.el8_7.1 | Nov 23, 2022 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. |
| CVE-2022-40303 | — | | | < 2.9.7-15.el8_7.1 | 2.9.7-15.el8_7.1 | Nov 22, 2022 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmen |
| CVE-2016-3709 | — | | | < 2.9.7-15.el8 | 2.9.7-15.el8 | Jul 28, 2022 | Possible cross-site scripting vulnerability in libxml after commit 960f0e2. |
| CVE-2022-23308 | — | | | < 2.9.7-12.el8_5 | 2.9.7-12.el8_5 | Feb 26, 2022 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
| CVE-2021-3541 | — | | | < 2.9.7-9.el8_4.2 | 2.9.7-9.el8_4.2 | Jul 9, 2021 | A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. |