Information on source package libxml2

Available versions

ReleaseVersion
jessie2.9.1+dfsg1-5+deb8u17
stretch2.9.4+dfsg1-2.2+deb9u11
stretch (security)2.9.4+dfsg1-2.2+deb9u7
buster2.9.4+dfsg1-7+deb10u9
buster (security)2.9.4+dfsg1-7+deb10u6
bullseye2.9.10+dfsg-6.7+deb11u4
bullseye (security)2.9.10+dfsg-6.7+deb11u5
bookworm2.9.14+dfsg-1.3~deb12u1
trixie2.12.7+dfsg+really2.9.14-0.2
sid2.12.7+dfsg+really2.9.14-0.2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-25062fixedvulnerable (no DSA)fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAn issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...
CVE-2023-45322fixedvulnerable (no DSA, postponed)fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablelibxml2 through 2.11.5 has a use-after-free that can only occur after ...
CVE-2023-39615fixedvulnerable (no DSA)fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableXmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...
CVE-2016-4448vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedFormat string vulnerability in libxml2 before 2.9.4 allows attackers t ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-34459vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableAn issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...

Resolved issues

BugDescription
CVE-2023-29469An issue was discovered in libxml2 before 2.10.4. When hashing empty d ...
CVE-2023-28484In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...
CVE-2022-40304An issue was discovered in libxml2 before 2.10.3. Certain invalid XML ...
CVE-2022-40303An issue was discovered in libxml2 before 2.10.3. When parsing a multi ...
CVE-2022-29824In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...
CVE-2022-23308valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ...
CVE-2022-2309NULL Pointer Dereference allows attackers to cause a denial of service ...
CVE-2021-3541A flaw was found in libxml2. Exponential entity expansion attack its p ...
CVE-2021-3537A vulnerability found in libxml2 in versions before 2.9.11 shows that ...
CVE-2021-3518There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...
CVE-2021-3517There is a flaw in the xml entity encoding functionality of libxml2 in ...
CVE-2021-3516There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...
CVE-2020-24977GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...
CVE-2020-7595xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...
CVE-2019-20388xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...
CVE-2019-19956xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...
CVE-2018-14567libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...
CVE-2018-14404A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...
CVE-2018-9251The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...
CVE-2017-18258The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...
CVE-2017-16932parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...
CVE-2017-16931parser.c in libxml2 before 2.9.5 mishandles parameter-entity reference ...
CVE-2017-15412Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...
CVE-2017-9050libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...
CVE-2017-9049libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...
CVE-2017-9048libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...
CVE-2017-9047A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ...
CVE-2017-8872The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...
CVE-2017-7376Buffer overflow in libxml2 allows remote attackers to execute arbitrar ...
CVE-2017-7375A flaw in libxml2 allows remote XML entity inclusion with default pars ...
CVE-2017-5969libxml2 2.9.4, when used in recover mode, allows remote attackers to c ...
CVE-2017-5130An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...
CVE-2017-0663A remote code execution vulnerability in libxml2 could enable an attac ...
CVE-2016-9598libxml2, as used in Red Hat JBoss Core Services, allows context-depend ...
CVE-2016-9597It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 f ...
CVE-2016-9596libxml2, as used in Red Hat JBoss Core Services and when in recovery m ...
CVE-2016-9318libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...
CVE-2016-5131Use-after-free vulnerability in libxml2 through 2.9.4, as used in Goog ...
CVE-2016-4658xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...
CVE-2016-4483The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 all ...
CVE-2016-4449XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntit ...
CVE-2016-4447The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 a ...
CVE-2016-3709Possible cross-site scripting vulnerability in libxml after commit 960 ...
CVE-2016-3705The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...
CVE-2016-3627The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earli ...
CVE-2016-2073The htmlParseNameComplex function in HTMLparser.c in libxml2 allows at ...
CVE-2016-1840Heap-based buffer overflow in the xmlFAParsePosCharGroup function in l ...
CVE-2016-1839The xmlDictAddString function in libxml2 before 2.9.4, as used in Appl ...
CVE-2016-1838The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4 ...
CVE-2016-1837Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiter ...
CVE-2016-1836Use-after-free vulnerability in the xmlDictComputeFastKey function in ...
CVE-2016-1835Use-after-free vulnerability in the xmlSAX2AttributeNs function in lib ...
CVE-2016-1834Heap-based buffer overflow in the xmlStrncat function in libxml2 befor ...
CVE-2016-1833The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...
CVE-2016-1762The xmlNextChar function in libxml2 before 2.9.4 allows remote attacke ...
CVE-2015-8806dict.c in libxml2 allows remote attackers to cause a denial of service ...
CVE-2015-8710The htmlParseComment function in HTMLparser.c in libxml2 allows attack ...
CVE-2015-8317The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allow ...
CVE-2015-8242The xmlSAX2TextNode function in SAX2.c in the push interface in the HT ...
CVE-2015-8241The xmlNextChar function in libxml2 2.9.2 does not properly check the ...
CVE-2015-8035The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...
CVE-2015-7942The xmlParseConditionalSections function in parser.c in libxml2 does n ...
CVE-2015-7941libxml2 2.9.2 does not properly stop parsing invalid input, which allo ...
CVE-2015-7500The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows c ...
CVE-2015-7499Heap-based buffer overflow in the xmlGROW function in parser.c in libx ...
CVE-2015-7498Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...
CVE-2015-7497Heap-based buffer overflow in the xmlDictComputeFastQKey function in d ...
CVE-2015-5312The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...
CVE-2015-1819The xmlreader in libxml allows remote attackers to cause a denial of s ...
CVE-2014-3660parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ...
CVE-2014-0191The xmlParserHandlePEReference function in parser.c in libxml2 before ...
CVE-2013-2877parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0 ...
CVE-2013-1969Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...
CVE-2013-0339libxml2 through 2.9.1 does not properly handle external entities expan ...
CVE-2013-0338libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...
CVE-2012-5134Heap-based buffer underflow in the xmlParseAttValueComplex function in ...
CVE-2012-2807Multiple integer overflows in libxml2, as used in Google Chrome before ...
CVE-2012-0841libxml2 before 2.8.0 computes hash values without restricting the abil ...
CVE-2011-3919Heap-based buffer overflow in libxml2, as used in Google Chrome before ...
CVE-2011-3905libxml2, as used in Google Chrome before 16.0.912.63, allows remote at ...
CVE-2011-3102Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084 ...
CVE-2011-2834Double free vulnerability in libxml2, as used in Google Chrome before ...
CVE-2011-2821Double free vulnerability in libxml2, as used in Google Chrome before ...
CVE-2011-1944Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...
CVE-2011-0216Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...
CVE-2010-4494Double free vulnerability in libxml2 2.7.8 and other versions, as used ...
CVE-2010-4008libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Appl ...
CVE-2009-2416Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6 ...
CVE-2009-2414Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6 ...
CVE-2008-4409libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...
CVE-2008-4226Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 al ...
CVE-2008-4225Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allo ...
CVE-2008-3529Heap-based buffer overflow in the xmlParseAttValueComplex function in ...
CVE-2008-3281libxml2 2.6.32 and earlier does not properly detect recursion during e ...
CVE-2007-6284The xmlCurrentChar function in libxml2 before 2.6.31 allows context-de ...
CVE-2004-0989Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and p ...
CVE-2004-0110Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...

Security announcements

DSA / DLADescription
ELA-1227-1libxml2 - security update
ELA-1195-1libxml2 - security update
ELA-1176-1libxml2 - security update
DLA-3878-1libxml2 - security update
DLA-3405-1libxml2 - security update
DSA-5391-1libxml2 - security update
ELA-837-1libxml2 - security update
DSA-5271-1libxml2 - security update
DLA-3172-1libxml2 - security update
ELA-721-1libxml2 - security update
ELA-656-1libxml2 - security update
DSA-5142-1libxml2 - security update
ELA-617-1libxml2 - security update
DLA-3012-1libxml2 - security update
DLA-2972-1libxml2 - security update
ELA-581-1libxml2 - security update
DLA-2669-1libxml2 - security update
ELA-436-1libxml2 - security update
DLA-2653-1libxml2 - security update
ELA-424-1libxml2 - security update
DLA-2369-1libxml2 - security update
ELA-280-1libxml2 - security update
DLA-2048-1libxml2 - security update
DLA-1524-1libxml2 - security update
ELA-46-1libxml2 - security update
DSA-4086-1libxml2 - security update
DLA-1211-1libxml2 - security update
DLA-1194-1libxml2 - security update
DLA-1188-1libxml2 - security update
DSA-3952-1libxml2 - security update
DLA-1060-1libxml2 - security update
DLA-1008-1libxml2 - security update
DSA-3744-1libxml2 - security update
DLA-691-1libxml2 - security update
DLA-503-1libxml2 - security update
DSA-3593-1libxml2 - security update
DLA-373-1libxml2 - security update
DSA-3430-1libxml2 - security update
DLA-355-1libxml2 - security update
DLA-334-2libxml2 - regression update
DLA-334-1libxml2 - security update
DLA-266-1libxml2 - security update
DSA-3057-2libxml2 - regression update
DLA-151-1libxml2 - security update
DSA-2978-2libxml2 - security update
DLA-80-1libxml2 - security update
DSA-3057-1libxml2 - security update
DLA-0016-1libxml2 - security update
DSA-2978-1libxml2 - security update
DSA-2779-1libxml2 - denial of service
DSA-2652-1libxml2 - external entity expansion
DSA-2580-1libxml2 - buffer overflow
DSA-2521-1libxml2 - integer overflows
DSA-2479-1libxml2 - off-by-one
DSA-2417-1libxml2 - denial of service
DSA-2394-1libxml2 - several
DSA-2255-1libxml2 - buffer overflow
DSA-2137-1libxml2 - several vulnerabilities
DSA-2128-1libxml2 - potential code execution
DSA-1859-1libxml2 - several issues
DSA-1666-1libxml2 - several vulnerabilities
DSA-1654-1libxml2 - execution of arbitrary code
DSA-1631-1libxml2 - denial of service
DSA-1461-1libxml2 - denial of service
DSA-582-1libxml - buffer overflow
DSA-455libxml - buffer overflows

Search for package or bug name: Reporting problems