CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-9714 – Stack overflow in libxml2
https://notcve.org/view.php?id=CVE-2025-9714
10 Sep 2025 — Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recu... • https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7425 – Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
https://notcve.org/view.php?id=CVE-2025-7425
10 Jul 2025 — A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. A flaw was found in libxslt, the XSLT 1.0 processing library, where the attribute type, atype, flags are modified in a way that co... • https://access.redhat.com/security/cve/CVE-2025-7425 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32415 – libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
https://notcve.org/view.php?id=CVE-2025-32415
17 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a cra... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 • CWE-125: Out-of-bounds Read CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32414 – libxml2: Out-of-Bounds Read in libxml2
https://notcve.org/view.php?id=CVE-2025-32414
08 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in b... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 • CWE-393: Return of Wrong Status Code •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27113 – Ubuntu Security Notice USN-7302-1
https://notcve.org/view.php?id=CVE-2025-27113
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that the libxml2 xmllint tool incorrectly handled certain memory operations. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56171 – libxml2: Use-After-Free in libxml2
https://notcve.org/view.php?id=CVE-2024-56171
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema. It was discovered th... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24928 – libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2
https://notcve.org/view.php?id=CVE-2025-24928
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49043 – libxml: use-after-free in xmlXIncludeAddNode
https://notcve.org/view.php?id=CVE-2022-49043
26 Jan 2025 — xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress. It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could use this issue to cause libxml2 to cra... • https://github.com/php/php-src/issues/17467 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2024-25062 – libxml2: use-after-free in XMLReader
https://notcve.org/view.php?id=CVE-2024-25062
04 Feb 2024 — An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Se descubrió un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validación DTD y la expansión XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free... • https://packetstorm.news/files/id/212322 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45322 – Gentoo Linux Security Advisory 202402-11
https://notcve.org/view.php?id=CVE-2023-45322
06 Oct 2023 — libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." ** EN DISPUTA ** libxml2 hasta 2.11.5 tiene un use-after-free que solo puede ocurrir después de que falla una determinada asignación de memoria. Esto ocurre en xmlUnlinkNode en tree.c. NOTA... • http://www.openwall.com/lists/oss-security/2023/10/06/5 • CWE-416: Use After Free •