VYPR

rpm package

almalinux/libxml2-static

pkg:rpm/almalinux/libxml2-static

Vulnerabilities (7)

  • CVE-2025-49796CriJun 16, 2025
    affected < 2.12.5-7.el10_0fixed 2.12.5-7.el10_0

    A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other poss

  • CVE-2025-49795HigJun 16, 2025
    affected < 2.12.5-7.el10_0fixed 2.12.5-7.el10_0

    A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

  • CVE-2025-49794CriJun 16, 2025
    affected < 2.12.5-7.el10_0fixed 2.12.5-7.el10_0

    A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as inpu

  • CVE-2025-6021HigJun 12, 2025
    affected < 2.12.5-7.el10_0fixed 2.12.5-7.el10_0

    A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

  • CVE-2025-32415LowApr 17, 2025
    affected < 2.12.5-9.el10_0fixed 2.12.5-9.el10_0

    In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be use

  • CVE-2025-32414MedApr 8, 2025
    affected < 2.12.5-9.el10_0fixed 2.12.5-9.el10_0

    In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

  • CVE-2024-34459HigMay 14, 2024
    affected < 2.12.5-10.el10_2.1fixed 2.12.5-10.el10_2.1

    An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.