VYPR

rpm package

opensuse/libxml2-python&distro=openSUSE Leap Micro 5.3

pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%20Micro%205.3

Vulnerabilities (4)

  • CVE-2024-25062Feb 4, 2024
    affected < 2.9.14-150400.5.28.1fixed 2.9.14-150400.5.28.1

    An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

  • CVE-2023-45322Oct 6, 2023
    affected < 2.9.14-150400.5.25.1fixed 2.9.14-150400.5.25.1

    libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically ca

  • CVE-2023-29469Apr 24, 2023
    affected < 2.9.14-150400.5.16.1fixed 2.9.14-150400.5.16.1

    An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there

  • CVE-2023-28484Apr 24, 2023
    affected < 2.9.14-150400.5.16.1fixed 2.9.14-150400.5.16.1

    In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.