Xmlsoft Libxml2
62 CVEs affecting Xmlsoft Libxml2. Latest disclosed: 2026-04-23. Critical: 5, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-16931 | Critical | 9.8 | 2017-11-23 | parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a… |
| CVE-2016-4658 | Critical | 9.8 | 2016-09-25 | xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbi… |
| CVE-2016-4448 | Critical | 9.8 | 2016-06-09 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
| CVE-2015-8710 | Critical | 9.8 | 2016-04-11 | The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory… |
| CVE-2017-8872 | Critical | 9.1 | 2017-05-10 | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. |
| CVE-2016-5131 | High | 8.8 | 2016-07-23 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or po… |
| CVE-2022-49043 | High | 8.1 | 2025-01-26 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
| CVE-2016-1762 | High | 8.1 | 2016-03-24 | The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
| CVE-2025-24928 | High | 7.8 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur… |
| CVE-2024-56171 | High | 7.8 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit… |
| CVE-2016-1840 | High | 7.8 | 2016-05-20 | Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before… |
| CVE-2016-1834 | High | 7.8 | 2016-05-20 | Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and w… |
| CVE-2025-6021 | High | 7.5 | 2025-06-12 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue… |
| CVE-2017-16932 | High | 7.5 | 2017-11-23 | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. |
| CVE-2017-9050 | High | 7.5 | 2017-05-18 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes progra… |
| CVE-2017-9049 | High | 7.5 | 2017-05-18 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes p… |
| CVE-2017-9048 | High | 7.5 | 2017-05-18 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursivel… |
| CVE-2017-9047 | High | 7.5 | 2017-05-18 | A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the… |
| CVE-2016-4483 | High | 7.5 | 2017-04-11 | The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and appl… |
| CVE-2016-4447 | High | 7.5 | 2016-06-09 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underre… |