Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

libxml2

Source -

NVDCNA

CNA CVEs -

20

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

107
Related CVEsRelated VendorsRelated AssignersReports
111Vulnerabilities found

CVE-2026-11979
Assigner-CERT.PL
ShareView Details
Assigner-CERT.PL
CVSS Score-1.8||LOW
EPSS-0.15% / 4.46%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 13:21
Updated-30 Jun, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-Based Buffer Overflow in libxml2

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame. Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process. This issue has been fixed in the commit c2e233fc. NOTE: The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-6653
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-7||HIGH
EPSS-0.35% / 27.09%
||
7 Day CHG+0.06%
Published-22 Jun, 2026 | 12:40
Updated-14 Jul, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Action-Not Available
Vendor-The GNOME Projectlibxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-6732
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.25%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 22:19
Updated-30 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-0992
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-2.9||LOW
EPSS-0.31% / 22.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-0989
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: unbounded relaxng include recursion leading to stack overflow

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-0990
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.76% / 51.00%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-9714
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 4.11%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 18:43
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in libxml2

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

Action-Not Available
Vendor-libxml2 (XMLSoft)Siemens AG
Product-libxml2libxml2RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-8732
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 10.29%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 16:32
Updated-29 Jun, 2026 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libxml2 xmlcatalog xmlParseSGMLCatalog recursion

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

Action-Not Available
Vendor-n/aSiemens AG
Product-libxml2RUGGEDCOM RST2428P
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-7425
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.06%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 13:53
Updated-19 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Action-Not Available
Vendor-The GNOME ProjectSiemens AGRed Hat, Inc.
Product-Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.2 Update Services for SAP Solutionscert-manager operator for Red Hat OpenShift 1.16Compliance Operator 1OpenShift Compliance Operator 1Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.13Red Hat Discovery 2libxml2Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Web Terminal 1.11 on RHEL 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Web Terminal 1.12 on RHEL 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Insights proxy 1.5RHOSS-1.36-RHEL-8Red Hat OpenShift distributed tracing 3.5.1Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRUGGEDCOM ROX RX1500SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 TM MFP - GNU/Linux subsystemSIMATIC CN 4100RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1524RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1501SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1536
CWE ID-CWE-416
Use After Free
CVE-2025-6170
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-2.5||LOW
EPSS-0.20% / 10.19%
||
7 Day CHG+0.01%
Published-16 Jun, 2025 | 15:24
Updated-14 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: stack buffer overflow in xmllint interactive shell command handling

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

Action-Not Available
Vendor-libxml2 (XMLSoft)Siemens AGRed Hat, Inc.
Product-libxml2enterprise_linuxopenshift_container_platformjboss_core_servicesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4RUGGEDCOM RST2428P
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-49795
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 38.02%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 15:19
Updated-07 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml: null pointer dereference leads to denial of service (dos)

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.Siemens AG
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat JBoss Core Services 2.4.62.SP2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10libxml2Red Hat Hardened ImagesRUGGEDCOM RST2428P
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2025-6021
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 61.01%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 12:49
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)Siemens AG
Product-enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systemslibxml2enterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64_eusopenshift_container_platform_for_arm64openshift_container_platform_for_powerjboss_core_servicesenterprise_linux_serverenterprise_linux_for_arm_64in-vehicle_operating_systementerprise_linuxenterprise_linux_for_power_little_endianopenshift_container_platform_for_linuxoneenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_for_ibm_z_systems_eusopenshift_container_platformopenshift_container_platform_for_ibm_zRed Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Hardened ImagesRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.14Red Hat JBoss Core Services 2.4.62.SP2Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19SIMATIC CN 4100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32415
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.56% / 42.81%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-32414
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.36% / 27.76%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-393
Return of Wrong Status Code
CVE-2024-56171
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.14% / 62.93%
||
7 Day CHG+0.01%
Published-18 Feb, 2025 | 00:00
Updated-03 Nov, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Action-Not Available
Vendor-libxml2 (XMLSoft)NetApp, Inc.
Product-manageability_software_development_kith700slibxml2h410s_firmwareh300sh410c_firmwarehci_compute_nodeh500sh410sh700s_firmwareh410ch500s_firmwareh300s_firmwaresolidfire_\&_hci_management_nodeontapactive_iq_unified_managerlibxml2
CWE ID-CWE-416
Use After Free
CVE-2025-27113
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-1.01% / 59.38%
||
7 Day CHG+0.01%
Published-18 Feb, 2025 | 00:00
Updated-03 Nov, 2025 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-24928
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.69%
||
7 Day CHG-0.00%
Published-18 Feb, 2025 | 00:00
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Action-Not Available
Vendor-NetApp, Inc.libxml2 (XMLSoft)
Product-manageability_software_development_kith700slibxml2h410s_firmwareh300sh410c_firmwarehci_compute_nodeh500sh410sh700s_firmwareh410ch500s_firmwareh300s_firmwaresolidfire_\&_hci_management_nodeontapactive_iq_unified_managerlibxml2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-49043
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.26% / 17.19%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-416
Use After Free
CVE-2024-40896
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.22% / 65.17%
||
7 Day CHG+0.02%
Published-23 Dec, 2024 | 00:00
Updated-25 Nov, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

Action-Not Available
Vendor-libxml2 (XMLSoft)NetApp, Inc.
Product-solidfire_\&_hci_management_nodeh300sh700s_firmwarelibxml2h410chci_compute_nodesolidfire_\&_hci_storage_nodeh410sh500s_firmwareh700sh410c_firmwareh500sh300s_firmwareh410s_firmwarelibxml2
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2024-34459
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.30% / 81.36%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 00:00
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2n/axmllint
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-25062
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 68.70%
||
7 Day CHG~0.00%
Published-04 Feb, 2024 | 00:00
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2n/a
CWE ID-CWE-416
Use After Free
CVE-2023-45322
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.34%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 00:00
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2n/a
CWE ID-CWE-416
Use After Free
CVE-2023-39615
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 47.74%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-28484
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.09% / 61.54%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Debian GNU/Linux
Product-libxml2debian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29469
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.01% / 59.34%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Debian GNU/Linux
Product-debian_linuxlibxml2n/a
CWE ID-CWE-415
Double Free
CVE-2022-40304
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.78% / 93.25%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-28 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Action-Not Available
Vendor-n/aApple Inc.NetApp, Inc.libxml2 (XMLSoft)
Product-clustered_data_ontaph700smanageability_software_development_kith500sh300s_firmwareh410sh410ch410c_firmwaresnapmanageripadosactive_iq_unified_managerwatchossmi-s_providerlibxml2h300siphone_osmacosh410s_firmwaretvosh700s_firmwareh500s_firmwareclustered_data_ontap_antivirus_connectorn/a
CWE ID-CWE-415
Double Free
CVE-2022-40303
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.79% / 97.47%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Action-Not Available
Vendor-n/aApple Inc.NetApp, Inc.libxml2 (XMLSoft)
Product-clustered_data_ontaph700sh500sh300s_firmwareh410sh410ch410c_firmwareontap_select_deploy_administration_utilitysnapmanageripadosactive_iq_unified_managerwatchoslibxml2netapp_manageability_sdkh300siphone_osmacosh410s_firmwaretvosh700s_firmwareh500s_firmwareclustered_data_ontap_antivirus_connectorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-3709
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 51.30%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 16:52
Updated-04 Nov, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2309
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-2.46% / 82.65%
||
7 Day CHG~0.00%
Published-05 Jul, 2022 | 09:00
Updated-04 Nov, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in lxml/lxml

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Action-Not Available
Vendor-lxmllxmlFedora Projectlibxml2 (XMLSoft)
Product-lxmllibxml2fedoralxml/lxml
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29824
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.63% / 88.26%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 00:00
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/Linux
Product-h500ssolidfire_\&_hci_management_nodelibxslth300s_firmwareh410c_firmwarelibxml2active_iq_unified_managerh410sh300sclustered_data_ontapsnapdrivedebian_linuxmanageability_software_development_kitsmi-s_providersnapmanagerontap_select_deploy_administration_utilityh410s_firmwarefedorazfs_storage_appliance_kith500s_firmwareh700s_firmwareclustered_data_ontap_antivirus_connectorh410ch700sn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-23308
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.01% / 92.52%
||
7 Day CHG~0.00%
Published-26 Feb, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectApple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-h410sactive_iq_unified_managerdebian_linuxh500s_firmwarecommunications_cloud_native_core_binding_support_functionbootstrap_osh410c_firmwareh410ch700sh500smysql_workbenchh700e_firmwarezfs_storage_appliance_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmenth500e_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodetvosclustered_data_ontap_antivirus_connectorclustered_data_ontaph300ecommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryh300e_firmwaremacoswatchossolidfire_\&_hci_management_nodeh700eipadosmac_os_xhci_compute_nodeh500eh700s_firmwaresmi-s_providerfedoracommunications_cloud_native_core_network_slice_selection_functionh410s_firmwaresnapmanagerlibxml2h300s_firmwaremanageability_software_development_kitsnapdriveiphone_osh300sn/a
CWE ID-CWE-416
Use After Free
CVE-2021-3541
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.86% / 76.89%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 16:02
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.libxml2 (XMLSoft)Red Hat, Inc.
Product-h300eh500scloud_backuph410c_firmwareh300s_firmwarelibxml2active_iq_unified_managerh410sh300sh300e_firmwareclustered_data_ontapsnapdrivemanageability_software_development_kitsmi-s_providerh500eontap_select_deploy_administration_utilityh410s_firmwareh700s_firmwarezfs_storage_appliance_kith500s_firmwareh500e_firmwareclustered_data_ontap_antivirus_connectorh700eh410ch700e_firmwareh700sjboss_core_serviceslibxml2
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2021-3516
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.99% / 78.41%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 13:38
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxRed Hat, Inc.
Product-xmllintclustered_data_ontapdebian_linuxontap_select_deploy_administration_utilityfedoraenterprise_linuxzfs_storage_appliance_kitclustered_data_ontap_antivirus_connectorjboss_core_serviceslibxml2
CWE ID-CWE-416
Use After Free
CVE-2021-3517
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-8.28% / 94.29%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 13:45
Updated-02 Dec, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectRed Hat, Inc.Debian GNU/Linuxlibxml2 (XMLSoft)
Product-libxml2openjdksnapmanagerclustered_data_ontap_antivirus_connectorhci_management_nodesantricity_unified_managersolidfireoncommand_workflow_automationmysql_workbenchactive_iq_unified_managerreal_user_experience_insightdebian_linuxpeoplesoft_enterprise_peopletoolssnapdriveenterprise_manager_base_platformclustered_data_ontapenterprise_linuxfedorae-series_santricity_storage_managere-series_santricity_web_serviceshci_h410cjboss_core_servicesoncommand_insighte-series_santricity_os_controllerhci_h410c_firmwaremanageability_software_development_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmentzfs_storage_appliance_kitlibxml2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3518
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-3.65% / 88.36%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 11:20
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxRed Hat, Inc.
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmententerprise_linuxactive_iq_unified_managerlibxml2mysql_workbenchclustered_data_ontapsnapdrivedebian_linuxmanageability_software_development_kitontap_select_deploy_administration_utilityhci_h410c_firmwarefedoraclustered_data_ontap_antivirus_connectorreal_user_experience_insightjboss_core_servicesenterprise_manager_ops_centerhci_h410centerprise_manager_base_platformlibxml2
CWE ID-CWE-416
Use After Free
CVE-2021-3537
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-3.50% / 87.87%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 19:50
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxRed Hat, Inc.
Product-peoplesoft_enterprise_peopletoolsopenjdkcommunications_cloud_native_core_network_function_cloud_native_environmententerprise_linuxactive_iq_unified_managerlibxml2mysql_workbenchclustered_data_ontapsnapdrivedebian_linuxmanageability_software_development_kitontap_select_deploy_administration_utilityhci_h410c_firmwarefedoraclustered_data_ontap_antivirus_connectorreal_user_experience_insightjboss_core_servicesenterprise_manager_ops_centerhci_h410centerprise_manager_base_platformlibxml2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-24977
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.67% / 88.42%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 23:20
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxopenSUSE
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmentactive_iq_unified_managerlibxml2inventory_collect_toolmysql_workbenchhttp_serverclustered_data_ontapsnapdrivedebian_linuxmanageability_software_development_kithci_h410c_firmwarefedoraclustered_data_ontap_antivirus_connectorreal_user_experience_insightenterprise_manager_ops_centerhci_h410centerprise_manager_base_platformleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-7595
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.63% / 93.89%
||
7 Day CHG-0.21%
Published-21 Jan, 2020 | 22:54
Updated-03 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-ubuntu_linuxh500s_firmwareh410c_firmwaresteelstore_cloud_integrated_storagemysql_workbenchsinema_remote_connect_serverreal_user_experience_insighth410cpeoplesoft_enterprise_peopletoolssnapdriveh700s_firmwareclustered_data_ontapfedorah700e_firmwaresymantec_netbackuph300e_firmwareh500e_firmwarelibxml2h700sh410sh300eenterprise_manager_ops_centerh500edebian_linuxsmi-s_providerh300s_firmwareenterprise_manager_base_platformh300sh700eh500sh410s_firmwarecommunications_cloud_native_core_network_function_cloud_native_environmentn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-20388
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.27% / 89.98%
||
7 Day CHG-0.12%
Published-21 Jan, 2020 | 22:53
Updated-17 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Fedora ProjectDebian GNU/LinuxOracle CorporationopenSUSENetApp, Inc.
Product-debian_linuxh300s_firmwarecloud_backupontap_select_deploy_administration_utilityh300emysql_workbenchh700e_firmwareh500s_firmwareh410splug-in_for_symantec_netbackupfedorah410s_firmwareh500sclustered_data_ontapcommunications_cloud_native_core_network_function_cloud_native_environmenth700s_firmwareenterprise_manager_base_platformenterprise_manager_ops_centerh300sreal_user_experience_insighth500elibxml2h300e_firmwaresmi-s_providersteelstore_cloud_integrated_storageh500e_firmwarepeoplesoft_enterprise_peopletoolsh700sleapsnapdriveh700en/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19956
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.51% / 91.92%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:12
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-libxml2ubuntu_linuxclustered_data_ontapfedoraclustered_data_ontap_antivirus_connectordebian_linuxsteelstore_cloud_integrated_storagemanageability_software_development_kitontap_select_deploy_administration_utilitysinema_remote_connect_serveractive_iq_unified_managerreal_user_experience_insightn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15412
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.96% / 85.69%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Google LLCDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationlibxml2enterprise_linux_desktopGoogle Chrome prior to 63.0.3239.84 unknown
CWE ID-CWE-416
Use After Free
CVE-2016-9596
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.08% / 61.25%
||
7 Day CHG~0.00%
Published-16 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Red Hat, Inc.
Product-jboss_core_serviceslibxml2n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-9598
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.23% / 65.70%
||
7 Day CHG~0.00%
Published-16 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Red Hat, Inc.
Product-jboss_core_serviceslibxml2n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14567
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.30% / 90.05%
||
7 Day CHG~0.00%
Published-16 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Debian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlibxml2n/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2016-9597
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.48% / 90.41%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Action-Not Available
Vendor-Canonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-ubuntu_linuxdebian_linuxlibxml2icewall_file_managericewall_federation_agentleaplibxml2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14404
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.68% / 88.44%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 13:00
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/Linuxlibxml2 (XMLSoft)
Product-libxml2ubuntu_linuxdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-18258
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.71% / 84.30%
||
7 Day CHG~0.00%
Published-08 Apr, 2018 | 17:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-9251
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.44% / 82.48%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 02:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Debian GNU/Linux
Product-debian_linuxlibxml2n/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-7376
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.69% / 97.56%
||
7 Day CHG~0.00%
Published-19 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Google LLCDebian GNU/Linux
Product-androiddebian_linuxlibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7375
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.64% / 83.88%
||
7 Day CHG~0.00%
Published-19 Feb, 2018 | 19:00
Updated-03 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

Action-Not Available
Vendor-n/aDebian GNU/Linuxlibxml2 (XMLSoft)Google LLC
Product-libxml2debian_linuxandroidn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
  • Previous
  • 1
  • 2
  • 3
  • Next