CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56171
https://notcve.org/view.php?id=CVE-2024-56171
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24928
https://notcve.org/view.php?id=CVE-2025-24928
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 • CWE-121: Stack-based Buffer Overflow •
CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27113
https://notcve.org/view.php?id=CVE-2025-27113
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49043 – libxml: use-after-free in xmlXIncludeAddNode
https://notcve.org/view.php?id=CVE-2022-49043
26 Jan 2025 — xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress. It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could use this issue to cause libxml2 to cra... • https://github.com/php/php-src/issues/17467 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40896 – Ubuntu Security Notice USN-7215-1
https://notcve.org/view.php?id=CVE-2024-40896
23 Dec 2024 — In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. En libxml2 2.11 anterior a 2.11.9, 2.12 anterior a 2.12.9 y 2.13 anterior a 2.13.3, el analizador SAX puede producir eventos para entidades externas incluso si los controladores SAX personalizados intentan anular el contenido de la entidad (estableciendo "m... • https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-25062 – libxml2: use-after-free in XMLReader
https://notcve.org/view.php?id=CVE-2024-25062
04 Feb 2024 — An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Se descubrió un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validación DTD y la expansión XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45322 – Gentoo Linux Security Advisory 202402-11
https://notcve.org/view.php?id=CVE-2023-45322
06 Oct 2023 — libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." ** EN DISPUTA ** libxml2 hasta 2.11.5 tiene un use-after-free que solo puede ocurrir después de que falla una determinada asignación de memoria. Esto ocurre en xmlUnlinkNode en tree.c. NOTA... • http://www.openwall.com/lists/oss-security/2023/10/06/5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39615 – libxml2: crafted xml can cause global buffer overflow
https://notcve.org/view.php?id=CVE-2023-39615
29 Aug 2023 — Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /li... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-28484 – libxml2: NULL dereference in xmlSchemaFixupComplexType
https://notcve.org/view.php?id=CVE-2023-28484
20 Apr 2023 — In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/491 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29469 – libxml2: Hashing of empty dict strings isn't deterministic
https://notcve.org/view.php?id=CVE-2023-29469
20 Apr 2023 — An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFa... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/510 • CWE-20: Improper Input Validation CWE-415: Double Free •