CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56171
https://notcve.org/view.php?id=CVE-2024-56171
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24928
https://notcve.org/view.php?id=CVE-2025-24928
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 • CWE-121: Stack-based Buffer Overflow •
CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27113
https://notcve.org/view.php?id=CVE-2025-27113
18 Feb 2025 — libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40896 – Ubuntu Security Notice USN-7215-1
https://notcve.org/view.php?id=CVE-2024-40896
23 Dec 2024 — In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. En libxml2 2.11 anterior a 2.11.9, 2.12 anterior a 2.12.9 y 2.13 anterior a 2.13.3, el analizador SAX puede producir eventos para entidades externas incluso si los controladores SAX personalizados intentan anular el contenido de la entidad (estableciendo "m... • https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6 • CWE-611: Improper Restriction of XML External Entity Reference •