Known Vulnerabilities for Libxml2 by Xmlsoft
Listed below are 10 of the newest known vulnerabilities associated with "Libxml2" by "Xmlsoft".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 7.5 - HIGH | 2022-02-26 | 2023-11-07 |
| CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms an... | 6.5 - MEDIUM | 2021-07-09 | 2022-03-01 |
| CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed con... | 5.9 - MEDIUM | 2021-05-14 | 2023-11-07 |
| CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an a... | 8.8 - HIGH | 2021-05-18 | 2023-11-07 |
| CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to sup... | 8.6 - HIGH | 2021-05-19 | 2023-11-07 |
| CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.... | 6.5 - MEDIUM | 2020-09-04 | 2023-11-07 |
| CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 7.5 - HIGH | 2020-01-21 | 2023-11-07 |
| CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 7.5 - HIGH | 2020-01-21 | 2023-11-09 |
| CVE-2019-19956 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | 7.5 - HIGH | 2019-12-24 | 2023-11-07 |
| CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of serv... | 5.3 - MEDIUM | 2018-04-04 | 2019-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Xmlsoft | Libxml2 | 2.9.9 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.9 | - | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.9 | rc1 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.9 | rc2 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.8 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.8 | - | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.8 | rc1 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.7 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.7 | - | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.7 | rc1 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.6 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.6 | - | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.6 | rc1 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.5 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.5 | - | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.5 | rc1 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.5 | rc2 | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.4 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.4 | - | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.4 | rc1 | All | All |