Latest xmlsoft libxml2 Vulnerabilities

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can ...
Xmlsoft Libxml2<2.11.7
Xmlsoft Libxml2>=2.12.0<2.12.5
debian/libxml2<=2.9.4+dfsg1-7+deb10u4
debian/libxml2<=2.9.4+dfsg1-7+deb10u6
debian/libxml2<=2.9.10+dfsg-6.7+deb11u4
debian/libxml2<=2.9.14+dfsg-1.3~deb12u1
debian/libxml2<=2.9.14+dfsg-1.3
ubuntu/libxml2<2.9.1+dfsg1-3ubuntu4.13+
ubuntu/libxml2<2.9.3+dfsg1-1ubuntu0.7+
ubuntu/libxml2<2.9.4+dfsg1-6.1ubuntu1.9+
and 4 more
Use-after-free in libxml2 through 2.11.5
Xmlsoft Libxml2<=2.11.5
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial ...
Xmlsoft Libxml2=2.11.0
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2<2.10.4
Debian Debian Linux=10.0
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various lo...
Xmlsoft Libxml2<2.10.4
Debian Debian Linux=10.0
Apple iOS<16.5
Apple iPadOS<16.5
<13.4
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted res...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
redhat/libxml2<2.10.3
Apple macOS Ventura<13.0.1
Apple iOS<16.1.1
Apple iPadOS<16.1.1
and 29 more
A flaw was found in libxml2. Parsing an XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEnt...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
Apple tvOS<16.2
Apple watchOS<9.2
Apple macOS Big Sur<11.7.2
Apple macOS Monterey<12.6.2
and 29 more
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Xmlsoft Libxml2>=2.9.2<2.9.11
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlie...
Lxml Lxml<4.9.1
Xmlsoft Libxml2>=2.9.10<=2.9.14
Fedoraproject Fedora=36
Fedoraproject Fedora=37
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation r...
redhat/libxml2<0:2.9.7-13.el8_6.1
redhat/libxml2<0:2.9.13-1.el9_0.1
debian/libxml2<=2.9.10+dfsg-6.7
debian/libxml2<=2.9.10+dfsg-6.7+deb11u1
debian/libxml2<=2.9.4+dfsg1-7+deb10u3
debian/libxml2<=2.9.13+dfsg-1
debian/libxml2<=2.9.4+dfsg1-7
debian/libxml2
redhat/libxml2<2.9.14
Xmlsoft Libxml2<2.9.14
and 27 more
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, ...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 75 more
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parse...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 36 more
libxml2. This issue was addressed with improved checks.
rubygems/nokogiri<1.11.4
redhat/libxml2<2.9.11
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
and 37 more
A heap-based buffer overflow was found in libxml2 when processing truncated UTF-8 input. Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235 ...
rubygems/nokogiri<1.11.4
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
and 46 more
GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack which bypasses all existing protection mechanisms. A remote authenticated attacker could exploit th...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 37 more
GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted...
IBM Security Verify Access<=10.0.0
Xmlsoft Libxml2=2.9.10
Debian Debian Linux=9.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 22 more
GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specia...
IBM Security Guardium<=10.5
IBM Security Guardium<=10.6
IBM Security Guardium<=11.0
IBM Security Guardium<=11.1
IBM Security Guardium<=11.2
IBM Security Guardium<=11.3
and 59 more
GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 97 more
libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file, a remote attacker coul...
ubuntu/libxml2<2.9.4+dfsg1-6.1ubuntu1.3
ubuntu/libxml2<2.9.4+dfsg1-7ubuntu3.1
ubuntu/libxml2<2.9.10+dfsg-1ubuntu2
ubuntu/libxml2<2.9.1+dfsg1-3ubuntu4.13+
ubuntu/libxml2<2.9.10
ubuntu/libxml2<2.9.3+dfsg1-1ubuntu0.7
and 53 more
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. ...
rubygems/nokogiri<1.8.5
redhat/libxml2<0:2.9.1-6.el7.4
redhat/libxml2<0:2.9.7-7.el8
redhat/cockpit-ovirt<0:0.13.10-1.el7e
redhat/redhat-release-virtualization-host<0:4.3.9-2.el7e
redhat/redhat-virtualization-host<0:4.3.9-20200324.0.el7_8
and 20 more
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERRO...
redhat/libxml2<2.9.9
redhat/libxml2<0:2.9.7-7.el8
Xmlsoft Libxml2=2.9.8
Debian Debian Linux=8.0
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a diff...
redhat/libxml2<0:2.9.1-6.el7.4
ubuntu/libxml2<2.9.1+dfsg1-3ubuntu4.13
ubuntu/libxml2<2.9.3+dfsg1-1ubuntu0.6
ubuntu/libxml2<2.9.4+dfsg1-6.1ubuntu1.2
ubuntu/libxml2<2.9.9
=2.9.8
and 11 more
