VYPR

rpm package

opensuse/python-libxml2-python&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.5

Vulnerabilities (4)

  • CVE-2024-34459May 13, 2024
    affected < 2.9.7-150000.3.70.1fixed 2.9.7-150000.3.70.1

    An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

  • CVE-2024-25062Feb 4, 2024
    affected < 2.9.7-150000.3.66.1fixed 2.9.7-150000.3.66.1

    An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

  • CVE-2023-45322Oct 6, 2023
    affected < 2.9.7-150000.3.63.1fixed 2.9.7-150000.3.63.1

    libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically ca

  • CVE-2023-39615Aug 29, 2023
    affected < 2.9.7-150000.3.60.1fixed 2.9.7-150000.3.60.1

    Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the prod