threat
engine
.sh
Back
·
··:··
Home
/
Product
/
xmlsoft libxml2
Product
xmlsoft libxml2
101 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-6732
>= 2.13.0 and < 2.15.3
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD)
6.5
MEDIUM
CVE-2025-9714
< 2.10.0
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stac
6.2
MEDIUM
CVE-2025-6170
all versions
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an over
2.5
LOW
CVE-2025-6021
< 2.14.4
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-base
7.5
HIGH
CVE-2025-32415
< 2.13.8
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read.
2.9
LOW
CVE-2025-32414
< 2.13.8
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) becau
5.6
MEDIUM
CVE-2025-27113
< 2.12.10
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
2.9
LOW
CVE-2025-24928
< 2.12.10
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit th
7.8
HIGH
CVE-2024-56171
< 2.12.10
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTable
7.8
HIGH
CVE-2022-49043
< 2.11.0
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
8.1
HIGH
CVE-2024-40896
>= 2.11.0 and < 2.11.9
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities
9.1
CRITICAL
CVE-2024-34459
< 2.11.8
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint -
7.5
HIGH
CVE-2024-25062
< 2.11.7
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation
7.5
HIGH
CVE-2023-45322
<= 2.11.5
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkN
6.5
MEDIUM
CVE-2023-39615
all versions
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c.
6.5
MEDIUM
CVE-2023-29469
< 2.10.4
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey
6.5
MEDIUM
CVE-2023-28484
< 2.10.4
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfaul
6.5
MEDIUM
CVE-2022-40304
< 2.10.3
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially
7.8
HIGH
CVE-2022-40303
< 2.10.3
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option
7.5
HIGH
CVE-2016-3709
>= 2.9.2 and < 2.9.11
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
6.1
MEDIUM
CVE-2022-29824
< 2.9.14
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf
) and tree.c (xmlBuffer
) don't check for integer ove
6.5
MEDIUM
CVE-2022-23308
< 2.9.13
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5
HIGH
CVE-2021-3541
< 2.9.11
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and lea
6.5
MEDIUM
CVE-2021-3517
< 2.9.11
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a
8.6
HIGH
CVE-2021-3518
< 2.9.11
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic
8.8
HIGH
CVE-2021-3537
< 2.9.11
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,
5.9
MEDIUM
CVE-2020-24977
all versions
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The
6.5
MEDIUM
CVE-2020-7595
all versions
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
7.5
HIGH
CVE-2019-20388
all versions
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
7.5
HIGH
CVE-2019-19956
< 2.9.10
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.
7.5
HIGH
CVE-2017-15412
< 2.9.5
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attack
8.8
HIGH
CVE-2018-14567
all versions
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file
6.5
MEDIUM
CVE-2016-9598
< 2.9.4
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds re
6.5
MEDIUM
CVE-2016-9596
< 2.9.4
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of
6.5
MEDIUM
CVE-2016-9597
all versions
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the is
7.5
HIGH
CVE-2018-14404
<= 2.9.8
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing
6.5
MEDIUM
CVE-2017-18258
< 2.9.6
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption)
6.5
MEDIUM
CVE-2018-9251
all versions
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (
5.3
MEDIUM
CVE-2017-7376
< 2.9.5
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when
9.8
CRITICAL
CVE-2017-7375
<= 2.9.4
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity subst
9.8
CRITICAL
CVE-2017-5130
< 2.9.5
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, all
8.8
HIGH
CVE-2017-16932
<= 2.9.4
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
7.5
HIGH
CVE-2017-16931
<= 2.9.4
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReferen
9.8
CRITICAL
CVE-2017-9050
all versions
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. Thi
7.5
HIGH
CVE-2017-9049
all versions
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c
7.5
HIGH
CVE-2017-9048
all versions
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in vali
7.5
HIGH
CVE-2017-9047
all versions
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supp
7.5
HIGH
CVE-2017-8872
all versions
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read
9.1
CRITICAL
CVE-2017-5969
all versions
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a cr
4.7
MEDIUM
CVE-2016-4483
< 2.9.4
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service
7.5
HIGH
CVE-2016-9318
<= 2.9.4
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that
5.5
MEDIUM
CVE-2016-4658
< 2.9.5
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and o
9.8
CRITICAL
CVE-2016-5131
<= 2.9.4
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to ca
8.8
HIGH
CVE-2016-4449
<= 2.9.3
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not i
7.1
HIGH
CVE-2016-4448
<= 2.9.3
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in un
9.8
CRITICAL
CVE-2016-4447
<= 2.9.3
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of servi
7.5
HIGH
CVE-2016-1840
< 2.9.4
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X
7.8
HIGH
CVE-2016-1839
< 2.9.4
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1,
5.5
MEDIUM
CVE-2016-1838
<= 2.9.4
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tv
5.5
MEDIUM
CVE-2016-1837
< 2.9.4
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before
5.5
MEDIUM
CVE-2016-1836
< 2.9.4
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS
5.5
MEDIUM
CVE-2016-1834
< 2.9.4
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.1
7.8
HIGH
CVE-2016-1833
< 2.9.4
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, a
5.5
MEDIUM
CVE-2016-3705
all versions
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of
7.5
HIGH
CVE-2016-3627
<= 2.9.3
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent att
7.5
HIGH
CVE-2015-6838
<= 2.9.1
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, w
7.5
HIGH
CVE-2015-6837
<= 2.9.1
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, w
7.5
HIGH
CVE-2015-8806
< 2.9.4
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an
7.5
HIGH
CVE-2015-8710
< 2.9.3
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of servi
9.8
CRITICAL
CVE-2016-1762
< 2.9.4
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read
8.1
HIGH
CVE-2016-2073
< 2.9.4
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) vi
6.5
MEDIUM
CVE-2015-8317
<= 2.9.2
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive informatio
CVE-2015-8242
<= 2.9.2
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent a
CVE-2015-8241
<= 2.9.2
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a d
CVE-2015-7500
<= 2.9.2
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out
CVE-2015-7499
<= 2.9.2
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtai
CVE-2015-7498
<= 2.9.2
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers
CVE-2015-7497
<= 2.9.2
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attac
CVE-2015-5312
<= 2.9.2
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allo
CVE-2015-8035
all versions
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent att
CVE-2015-7942
all versions
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing
CVE-2015-7941
all versions
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service
CVE-2014-3660
<= 2.9.1
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which
CVE-2013-0339
<= 2.9.1
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2Resolve
CVE-2013-2877
<= 2.9.0
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to caus
CVE-2013-1969
all versions
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to ca
CVE-2013-0338
<= 2.9.0
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML
CVE-2012-0841
<= 2.7.8
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows con
CVE-2012-5134
<= 2.9.0
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Ch
CVE-2012-2871
<= 2.9.0
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified va
CVE-2011-1944
all versions
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context
CVE-2010-4494
<= 2.7.8
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, all
CVE-2010-4008
< 2.7.8
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from i
CVE-2009-2416
all versions
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-de
6.5
MEDIUM
CVE-2009-2414
all versions
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
CVE-2008-4409
all versions
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent att
CVE-2008-3529
< 2.7.0
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent at
CVE-2008-3281
<= 2.6.32
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-
6.5
MEDIUM
CVE-2004-0989
all versions
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut
CVE-2004-0110
all versions
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attacker
CVE-2003-1564
< 2.5.0
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attacke
6.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin