Known Vulnerabilities for products from Xmlsoft
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xmlsoft".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-7424 | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can l... | Not Provided | 2025-07-10 | 2026-04-14 |
| CVE-2025-6170 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an... | Not Provided | 2025-06-16 | 2026-04-19 |
| CVE-2025-6021 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack... | Not Provided | 2025-06-12 | 2026-04-19 |
| CVE-2023-45322 | ** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This ... | 6.5 - MEDIUM | 2023-10-06 | 2023-11-07 |
| CVE-2023-39615 | ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function... | 6.5 - MEDIUM | 2023-08-29 | 2023-11-07 |
| CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFa... | 6.5 - MEDIUM | 2023-04-24 | 2023-06-01 |
| CVE-2023-28484 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a se... | 6.5 - MEDIUM | 2023-04-24 | 2024-02-01 |
| CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potent... | 7.8 - HIGH | 2022-11-23 | 2023-11-07 |
| CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser o... | 7.5 - HIGH | 2022-11-23 | 2023-11-07 |
| CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for intege... | 6.5 - MEDIUM | 2022-05-03 | 2023-11-07 |
| CVE-2022-23308 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-26 | 2023-11-07 |
| CVE-2022-2309 | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is... | 7.5 - HIGH | 2022-07-05 | 2023-11-07 |
| CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap co... | 8.8 - HIGH | 2021-08-03 | 2024-03-27 |
| CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms an... | 6.5 - MEDIUM | 2021-07-09 | 2022-03-01 |
| CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed con... | 5.9 - MEDIUM | 2021-05-14 | 2023-11-07 |
| CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an a... | 8.8 - HIGH | 2021-05-18 | 2023-11-07 |
| CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to sup... | 8.6 - HIGH | 2021-05-19 | 2023-11-07 |
| CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be process... | 7.8 - HIGH | 2021-06-01 | 2023-11-07 |
| CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.... | 6.5 - MEDIUM | 2020-09-04 | 2023-11-07 |
| CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 7.5 - HIGH | 2020-01-21 | 2023-11-07 |