rpm package
opensuse/libxml2&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34459 | — | < 2.10.3-150500.5.17.1 | 2.10.3-150500.5.17.1 | May 13, 2024 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. | ||
| CVE-2024-25062 | — | < 2.10.3-150500.5.14.1 | 2.10.3-150500.5.14.1 | Feb 4, 2024 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | ||
| CVE-2023-45322 | — | < 2.10.3-150500.5.11.1 | 2.10.3-150500.5.11.1 | Oct 6, 2023 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically ca | ||
| CVE-2023-39615 | — | < 2.10.3-150500.5.8.1 | 2.10.3-150500.5.8.1 | Aug 29, 2023 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the prod |
- CVE-2024-34459May 13, 2024affected < 2.10.3-150500.5.17.1fixed 2.10.3-150500.5.17.1
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
- CVE-2024-25062Feb 4, 2024affected < 2.10.3-150500.5.14.1fixed 2.10.3-150500.5.14.1
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
- CVE-2023-45322Oct 6, 2023affected < 2.10.3-150500.5.11.1fixed 2.10.3-150500.5.11.1
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically ca
- CVE-2023-39615Aug 29, 2023affected < 2.10.3-150500.5.8.1fixed 2.10.3-150500.5.8.1
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the prod