Libxml2
by Xmlsoft
Source repositories
CVEs (107)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0191 | 0.01 | — | 0.08 | Jan 21, 2015 | The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity… | |||
| CVE-2010-4494 | 0.01 | — | 0.08 | Dec 7, 2010 | Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||
| CVE-2025-26434 | 0.00 | — | 0.00 | Sep 5, 2025 | In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-32415 | 0.00 | — | 0.01 | Apr 17, 2025 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be… | |||
| CVE-2025-32414 | 0.00 | — | 0.00 | Apr 8, 2025 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. | |||
| CVE-2025-27113 | 0.00 | — | 0.01 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. | |||
| CVE-2024-56171 | 0.00 | — | 0.01 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted… | |||
| CVE-2025-24928 | 0.00 | — | 0.00 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | |||
| CVE-2022-49043 | 0.00 | — | 0.00 | Jan 26, 2025 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | |||
| CVE-2024-40896 | 0.00 | — | 0.01 | Dec 23, 2024 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. | |||
| CVE-2024-34459 | 0.00 | — | 0.02 | May 13, 2024 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. | |||
| CVE-2023-40128 | 0.00 | — | 0.00 | Oct 27, 2023 | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-45322 | 0.00 | — | 0.01 | Oct 6, 2023 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically… | |||
| CVE-2023-39615 | 0.00 | — | 0.01 | Aug 29, 2023 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the… | |||
| CVE-2023-29469 | 0.00 | — | 0.01 | Apr 24, 2023 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because… | |||
| CVE-2022-29824 | 0.00 | — | 0.04 | May 3, 2022 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software… | |||
| CVE-2022-23308 | 0.00 | — | 0.06 | Feb 26, 2022 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||
| CVE-2021-3541 | 0.00 | — | 0.02 | Jul 9, 2021 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | |||
| CVE-2019-8749 | 0.00 | — | 0.01 | Oct 27, 2020 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006,… | |||
| CVE-2020-3909 | 0.00 | — | 0.03 | Apr 1, 2020 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. |
- CVE-2014-0191Jan 21, 2015risk 0.01cvss —epss 0.08
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity…
- CVE-2010-4494Dec 7, 2010risk 0.01cvss —epss 0.08
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
- CVE-2025-26434Sep 5, 2025risk 0.00cvss —epss 0.00
In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-32415Apr 17, 2025risk 0.00cvss —epss 0.01
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be…
- CVE-2025-32414Apr 8, 2025risk 0.00cvss —epss 0.00
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
- CVE-2025-27113Feb 18, 2025risk 0.00cvss —epss 0.01
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
- CVE-2024-56171Feb 18, 2025risk 0.00cvss —epss 0.01
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted…
- CVE-2025-24928Feb 18, 2025risk 0.00cvss —epss 0.00
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
- CVE-2022-49043Jan 26, 2025risk 0.00cvss —epss 0.00
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
- CVE-2024-40896Dec 23, 2024risk 0.00cvss —epss 0.01
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
- CVE-2024-34459May 13, 2024risk 0.00cvss —epss 0.02
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
- CVE-2023-40128Oct 27, 2023risk 0.00cvss —epss 0.00
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-45322Oct 6, 2023risk 0.00cvss —epss 0.01
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically…
- CVE-2023-39615Aug 29, 2023risk 0.00cvss —epss 0.01
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the…
- CVE-2023-29469Apr 24, 2023risk 0.00cvss —epss 0.01
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because…
- CVE-2022-29824May 3, 2022risk 0.00cvss —epss 0.04
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software…
- CVE-2022-23308Feb 26, 2022risk 0.00cvss —epss 0.06
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
- CVE-2021-3541Jul 9, 2021risk 0.00cvss —epss 0.02
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
- CVE-2019-8749Oct 27, 2020risk 0.00cvss —epss 0.01
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006,…
- CVE-2020-3909Apr 1, 2020risk 0.00cvss —epss 0.03
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
Page 4 of 6