rpm package
suse/libxml2-python&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
Vulnerabilities (10)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7425 | High | 7.8 | | < 2.9.14-150400.5.47.1 | 2.9.14-150400.5.47.1 | Jul 10, 2025 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, |
| CVE-2025-6170 | Low | 2.5 | | < 2.9.14-150400.5.44.1 | 2.9.14-150400.5.44.1 | Jun 16, 2025 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code |
| CVE-2025-49796 | Critical | 9.1 | | < 2.9.14-150400.5.44.1 | 2.9.14-150400.5.44.1 | Jun 16, 2025 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other poss |
| CVE-2025-49794 | Critical | 9.1 | | < 2.9.14-150400.5.44.1 | 2.9.14-150400.5.44.1 | Jun 16, 2025 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the `<sch:name path="..."/>` schema elements. This flaw allows a malicious actor to craft a malicious XML document used as inpu |
| CVE-2025-6021 | High | 7.5 | | < 2.9.14-150400.5.44.1 | 2.9.14-150400.5.44.1 | Jun 12, 2025 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. |
| CVE-2025-27113 | — | | | < 2.9.14-150400.5.38.1 | 2.9.14-150400.5.38.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. |
| CVE-2025-24928 | — | | | < 2.9.14-150400.5.38.1 | 2.9.14-150400.5.38.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. |
| CVE-2024-56171 | — | | | < 2.9.14-150400.5.38.1 | 2.9.14-150400.5.38.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML |
| CVE-2022-49043 | — | | | < 2.9.14-150400.5.35.1 | 2.9.14-150400.5.35.1 | Jan 26, 2025 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
| CVE-2024-25062 | — | | | < 2.9.14-150400.5.28.1 | 2.9.14-150400.5.28.1 | Feb 4, 2024 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. |