VYPR

rpm package

almalinux/libxml2-devel

pkg:rpm/almalinux/libxml2-devel

Vulnerabilities (25)

  • CVE-2021-3541Jul 9, 2021
    affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2

    A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

  • CVE-2021-3516Jun 1, 2021
    affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2

    There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

  • CVE-2021-3517May 19, 2021
    affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2

    There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely

  • CVE-2021-3518May 18, 2021
    affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2

    There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

  • CVE-2021-3537May 14, 2021
    affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2

    A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat

Page 2 of 2