rpm package
suse/libxml2-python&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
Vulnerabilities (10)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7425 | High | 7.8 | | < 2.10.3-150500.5.32.1 | 2.10.3-150500.5.32.1 | Jul 10, 2025 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, |
| CVE-2025-6170 | Low | 2.5 | | < 2.10.3-150500.5.29.1 | 2.10.3-150500.5.29.1 | Jun 16, 2025 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code |
| CVE-2025-49796 | Critical | 9.1 | | < 2.10.3-150500.5.29.1 | 2.10.3-150500.5.29.1 | Jun 16, 2025 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other poss |
| CVE-2025-49795 | High | 7.5 | | < 2.10.3-150500.5.29.1 | 2.10.3-150500.5.29.1 | Jun 16, 2025 | A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. |
| CVE-2025-49794 | Critical | 9.1 | | < 2.10.3-150500.5.29.1 | 2.10.3-150500.5.29.1 | Jun 16, 2025 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the `<sch:name path="..."/>` schema elements. This flaw allows a malicious actor to craft a malicious XML document used as inpu |
| CVE-2025-6021 | High | 7.5 | | < 2.10.3-150500.5.29.1 | 2.10.3-150500.5.29.1 | Jun 12, 2025 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. |
| CVE-2025-27113 | — | | | < 2.10.3-150500.5.23.1 | 2.10.3-150500.5.23.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. |
| CVE-2025-24928 | — | | | < 2.10.3-150500.5.23.1 | 2.10.3-150500.5.23.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. |
| CVE-2024-56171 | — | | | < 2.10.3-150500.5.23.1 | 2.10.3-150500.5.23.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML |
| CVE-2022-49043 | — | | | < 2.10.3-150500.5.20.1 | 2.10.3-150500.5.20.1 | Jan 26, 2025 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |