Trending Zero-Day Explore Browse Search Saved

CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Home Trending Zero-Day Watch Attack Types Browse CVEs Search

Legal

Privacy Policy Terms of Service Data Disclaimer

© 2026CVEInsight. For informational use only — not a substitute for professional security advice.

CVE data sourced from NVD / NIST & public disclosures.

xmlsoft

libxml2

40 known vulnerabilities · sorted by CVSS score

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

xmlsoft / libxml2+13

Published Feb 19, 2018

Page 1 of 2

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

xmlsoft / libxml2+10

Published Feb 19, 2018

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

xmlsoft / libxml2+10

Published Dec 23, 2024

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

google / chrome+3

Published Feb 7, 2018

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

xmlsoft / libxml2+20

Published May 18, 2021

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

redhat / enterprise_linux_desktop+7

Published Aug 28, 2018

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

xmlsoft / libxml2+32

Published May 19, 2021

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

xmlsoft / libxml2

Published Jan 26, 2025

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

netapp / active_iq_unified_manager+11

Published Feb 18, 2025

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

xmlsoft / libxml2+11

Published Feb 18, 2025

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

xmlsoft / libxml2+17

Published Nov 23, 2022

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

netapp / h700s_firmware+32

Published Jan 21, 2020

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

xmlsoft / libxml2+28

Published Jan 21, 2020

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

xmlsoft / libxml2+17

Published Nov 23, 2022

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

xmlsoft / libxml2+48

Published Feb 26, 2022

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

xmlsoft / libxml2+1

Published Feb 4, 2024

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

canonical / ubuntu_linux+8

Published Jul 30, 2018

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

xmlsoft / libxml2+71

Published Jun 12, 2025

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

xmlsoft / libxml2+1

Published May 14, 2024

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

xmlsoft / libxml2+17

Published Dec 24, 2019