Filtered by vendor Xmlsoft
Subscriptions
Filtered by product Libxml2
Subscriptions
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2026-04-23 | 6.5 Medium |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2008-4409 | 1 Xmlsoft | 1 Libxml2 | 2026-04-23 | N/A |
| libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. | ||||
| CVE-2009-2414 | 2 Redhat, Xmlsoft | 3 Enterprise Linux, Libxml, Libxml2 | 2026-04-23 | N/A |
| Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2008-3529 | 5 Apple, Canonical, Debian and 2 more | 7 Iphone Os, Mac Os X, Safari and 4 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 12 Iphone Os, Safari, Ubuntu Linux and 9 more | 2026-04-23 | 6.5 Medium |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 30 Discovery, Enterprise Linux, Enterprise Linux Eus and 27 more | 2026-04-20 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2025-6170 | 2 Redhat, Xmlsoft | 6 Enterprise Linux, Hummingbird, Jboss Core Services and 3 more | 2026-04-20 | 2.5 Low |
| A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. | ||||
| CVE-2004-0989 | 5 Redhat, Trustix, Ubuntu and 2 more | 7 Enterprise Linux, Fedora Core, Secure Linux and 4 more | 2026-04-16 | N/A |
| Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. | ||||
| CVE-2003-1564 | 2 Redhat, Xmlsoft | 2 Enterprise Linux, Libxml2 | 2026-04-16 | 6.5 Medium |
| libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." | ||||
| CVE-2004-0110 | 3 Redhat, Sgi, Xmlsoft | 5 Enterprise Linux, Linux, Propack and 2 more | 2026-04-16 | N/A |
| Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | ||||
| CVE-2025-24928 | 3 Netapp, Redhat, Xmlsoft | 28 Active Iq Unified Manager, H300s, H300s Firmware and 25 more | 2026-02-26 | 7.8 High |
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | ||||
| CVE-2017-16932 | 1 Xmlsoft | 1 Libxml2 | 2026-01-22 | 7.5 High |
| parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. | ||||
| CVE-2017-9049 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-12-18 | 7.5 High |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. | ||||
| CVE-2017-9048 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-12-18 | 7.5 High |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. | ||||
| CVE-2017-9050 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-12-17 | 7.5 High |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. | ||||
| CVE-2019-20388 | 7 Debian, Fedoraproject, Netapp and 4 more | 34 Debian Linux, Fedora, Cloud Backup and 31 more | 2025-12-17 | 7.5 High |
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | ||||
| CVE-2017-8872 | 1 Xmlsoft | 1 Libxml2 | 2025-12-17 | 9.1 Critical |
| The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | ||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 17 Iphone Os, Mac Os X, Safari and 14 more | 2025-12-17 | 8.1 High |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||||
| CVE-2016-1834 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-12-04 | 7.8 High |
| Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | ||||
| CVE-2016-9318 | 4 Canonical, Redhat, Xmlsec Project and 1 more | 4 Ubuntu Linux, Jboss Core Services, Xmlsec and 1 more | 2025-12-04 | 5.5 Medium |
| libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. | ||||