rpm package
suse/libxml2&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7425 | Hig | 7.8 | < 2.9.4-46.90.1 | 2.9.4-46.90.1 | Jul 10, 2025 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, | |
| CVE-2025-6170 | Low | 2.5 | < 2.9.4-46.87.1 | 2.9.4-46.87.1 | Jun 16, 2025 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code | |
| CVE-2025-49796 | Cri | 9.1 | < 2.9.4-46.87.1 | 2.9.4-46.87.1 | Jun 16, 2025 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other poss | |
| CVE-2025-49794 | Cri | 9.1 | < 2.9.4-46.87.1 | 2.9.4-46.87.1 | Jun 16, 2025 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as inpu | |
| CVE-2025-6021 | Hig | 7.5 | < 2.9.4-46.87.1 | 2.9.4-46.87.1 | Jun 12, 2025 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | |
| CVE-2025-27113 | Low | 2.9 | < 2.9.4-46.81.1 | 2.9.4-46.81.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. | |
| CVE-2025-24928 | Hig | 7.8 | < 2.9.4-46.81.1 | 2.9.4-46.81.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | |
| CVE-2024-56171 | Hig | 7.8 | < 2.9.4-46.81.1 | 2.9.4-46.81.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML | |
| CVE-2022-49043 | Hig | 8.1 | < 2.9.4-46.78.1 | 2.9.4-46.78.1 | Jan 26, 2025 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
- affected < 2.9.4-46.90.1fixed 2.9.4-46.90.1
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result,
- affected < 2.9.4-46.87.1fixed 2.9.4-46.87.1
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code
- affected < 2.9.4-46.87.1fixed 2.9.4-46.87.1
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other poss
- affected < 2.9.4-46.87.1fixed 2.9.4-46.87.1
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as inpu
- affected < 2.9.4-46.87.1fixed 2.9.4-46.87.1
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
- affected < 2.9.4-46.81.1fixed 2.9.4-46.81.1
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
- affected < 2.9.4-46.81.1fixed 2.9.4-46.81.1
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
- affected < 2.9.4-46.81.1fixed 2.9.4-46.81.1
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML
- affected < 2.9.4-46.78.1fixed 2.9.4-46.78.1
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.