CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49043 – Ubuntu Security Notice USN-7240-1
https://notcve.org/view.php?id=CVE-2022-49043
26 Jan 2025 — xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the libxml2 xmllint tool incorrectly handled certain memory operations. If a user or automated system were tricked into running xmllint on a specially crafted xml file, a remote attacker could ca... • https://github.com/php/php-src/issues/17467 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-25062 – libxml2: use-after-free in XMLReader
https://notcve.org/view.php?id=CVE-2024-25062
04 Feb 2024 — An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Se descubrió un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validación DTD y la expansión XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45322 – Gentoo Linux Security Advisory 202402-11
https://notcve.org/view.php?id=CVE-2023-45322
06 Oct 2023 — libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." ** EN DISPUTA ** libxml2 hasta 2.11.5 tiene un use-after-free que solo puede ocurrir después de que falla una determinada asignación de memoria. Esto ocurre en xmlUnlinkNode en tree.c. NOTA... • http://www.openwall.com/lists/oss-security/2023/10/06/5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-28484 – libxml2: NULL dereference in xmlSchemaFixupComplexType
https://notcve.org/view.php?id=CVE-2023-28484
20 Apr 2023 — In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/491 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29469 – libxml2: Hashing of empty dict strings isn't deterministic
https://notcve.org/view.php?id=CVE-2023-29469
20 Apr 2023 — An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFa... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/510 • CWE-20: Improper Input Validation CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE
https://notcve.org/view.php?id=CVE-2022-40303
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • https://packetstorm.news/files/id/169825 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • https://packetstorm.news/files/id/169824 • CWE-415: Double Free •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2016-3709 – libxml2: Incorrect server side include parsing can lead to XSS
https://notcve.org/view.php?id=CVE-2016-3709
28 Jul 2022 — Possible cross-site scripting vulnerability in libxml after commit 960f0e2. Una posible vulnerabilidad de tipo cross-site scripting en libxml versiones posteriores al commit 960f0e2 A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document. Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh proj... • https://mail.gnome.org/archives/xml/2018-January/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-2309 – NULL Pointer Dereference in lxml/lxml
https://notcve.org/view.php?id=CVE-2022-2309
05 Jul 2022 — NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually b... • https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 4CVE-2022-29824 – libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-29824
03 May 2022 — In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbor... • https://packetstorm.news/files/id/167345 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •