Information on source package libxml2

Available versions

ReleaseVersion
wheezy2.8.0+dfsg1-7+wheezy5
wheezy (security)2.8.0+dfsg1-7+wheezy7
jessie (security)2.9.1+dfsg1-5+deb8u4
stretch2.9.4+dfsg1-2.2
sid2.9.4+dfsg1-2.2

Open issues

BugwheezyjessiestretchsidDescription
CVE-2017-5969vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablenull pointer dereference when parsing a xml file using recover mode
CVE-2016-9318vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablelibxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ...
CVE-2016-4619undeterminedundeterminedundeterminedundeterminedlibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...
CVE-2016-4616undeterminedundeterminedundeterminedundeterminedlibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...
CVE-2016-4615undeterminedundeterminedundeterminedundeterminedlibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...
CVE-2016-4614undeterminedundeterminedundeterminedundeterminedlibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...
CVE-2016-4448vulnerable (no DSA)vulnerable (no DSA)fixedfixedFormat string vulnerability in libxml2 before 2.9.4 allows attackers ...
CVE-2015-7116undeterminedundeterminedundeterminedundeterminedlibxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...
CVE-2015-7115undeterminedundeterminedundeterminedundeterminedlibxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...

Resolved issues

BugDescription
CVE-2016-9598out-of-bounds read
CVE-2016-9597stack overflow before detecting invalid XML file
CVE-2016-9596stack exhaustion while parsing xml files in recovery mode
CVE-2016-5131Use-after-free vulnerability in libxml2 through 2.9.4, as used in ...
CVE-2016-4658libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...
CVE-2016-4483
CVE-2016-4449XML external entity (XXE) vulnerability in the ...
CVE-2016-4447The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 ...
CVE-2016-3705The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...
CVE-2016-3627The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...
CVE-2016-2073The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...
CVE-2016-1840Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...
CVE-2016-1839The xmlDictAddString function in libxml2 before 2.9.4, as used in ...
CVE-2016-1838The xmlPArserPrintFileContextInternal function in libxml2 before ...
CVE-2016-1837Multiple use-after-free vulnerabilities in the (1) ...
CVE-2016-1836Use-after-free vulnerability in the xmlDictComputeFastKey function in ...
CVE-2016-1835Use-after-free vulnerability in the xmlSAX2AttributeNs function in ...
CVE-2016-1834Heap-based buffer overflow in the xmlStrncat function in libxml2 ...
CVE-2016-1833The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...
CVE-2016-1762The xmlNextChar function in libxml2 before 2.9.4 allows remote ...
CVE-2015-8806dict.c in libxml2 allows remote attackers to cause a denial of service ...
CVE-2015-8710The htmlParseComment function in HTMLparser.c in libxml2 allows ...
CVE-2015-8317The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 ...
CVE-2015-8242The xmlSAX2TextNode function in SAX2.c in the push interface in the ...
CVE-2015-8241The xmlNextChar function in libxml2 2.9.2 does not properly check the ...
CVE-2015-8035The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...
CVE-2015-7942The xmlParseConditionalSections function in parser.c in libxml2 does ...
CVE-2015-7941libxml2 2.9.2 does not properly stop parsing invalid input, which ...
CVE-2015-7500The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows ...
CVE-2015-7499Heap-based buffer overflow in the xmlGROW function in parser.c in ...
CVE-2015-7498Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...
CVE-2015-7497Heap-based buffer overflow in the xmlDictComputeFastQKey function in ...
CVE-2015-5312The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...
CVE-2015-1819The xmlreader in libxml allows remote attackers to cause a denial of ...
CVE-2014-3660parser.c in libxml2 before 2.9.2 does not properly prevent entity ...
CVE-2014-0191The xmlParserHandlePEReference function in parser.c in libxml2 before ...
CVE-2013-2877parser.c in libxml2 before 2.9.0, as used in Google Chrome before ...
CVE-2013-1969Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...
CVE-2013-0339libxml2 through 2.9.1 does not properly handle external entities ...
CVE-2013-0338libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...
CVE-2012-5134Heap-based buffer underflow in the xmlParseAttValueComplex function in ...
CVE-2012-2807Multiple integer overflows in libxml2, as used in Google Chrome before ...
CVE-2012-0841libxml2 before 2.8.0 computes hash values without restricting the ...
CVE-2011-3919Heap-based buffer overflow in libxml2, as used in Google Chrome before ...
CVE-2011-3905libxml2, as used in Google Chrome before 16.0.912.63, allows remote ...
CVE-2011-3102Off-by-one error in libxml2, as used in Google Chrome before ...
CVE-2011-2834Double free vulnerability in libxml2, as used in Google Chrome before ...
CVE-2011-2821Double free vulnerability in libxml2, as used in Google Chrome before ...
CVE-2011-1944Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...
CVE-2011-0216Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...
CVE-2010-4494Double free vulnerability in libxml2 2.7.8 and other versions, as used ...
CVE-2010-4008libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, ...
CVE-2009-2416Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...
CVE-2009-2414Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, ...
CVE-2008-4409libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...
CVE-2008-4226Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 ...
CVE-2008-4225Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...
CVE-2008-3529Heap-based buffer overflow in the xmlParseAttValueComplex function in ...
CVE-2008-3281libxml2 2.6.32 and earlier does not properly detect recursion during ...
CVE-2007-6284The xmlCurrentChar function in libxml2 before 2.6.31 allows ...
CVE-2004-0989Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...
CVE-2004-0110Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...

Security announcements

DSA / DLADescription
DSA-3744-1libxml2 - security update
DLA-691-1libxml2 - security update
DLA-503-1libxml2 - security update
DSA-3593-1libxml2 - security update
DLA-373-1libxml2 - security update
DSA-3430-1libxml2 - security update
DSA-3430-1libxml2 - security update
DLA-355-1libxml2 - security update
DLA-334-2libxml2 - regression update
DLA-334-1libxml2 - security update
DLA-266-1libxml2 - security update
DSA-3057-2libxml2 - regression update
DLA-151-1libxml2 - security update
DSA-2978-2libxml2 - security update
DLA-80-1libxml2 - security update
DSA-3057-1libxml2 - security update
DLA-0016-1libxml2 - security update
DSA-2978-1libxml2 - security update
DSA-2779-1libxml2 - denial of service
DSA-2779-1libxml2 - denial of service
DSA-2652-1libxml2 - external entity expansion
DSA-2580-1libxml2 - buffer overflow
DSA-2521-1libxml2 - integer overflows
DSA-2479-1libxml2 - off-by-one
DSA-2417-1libxml2 - denial of service
DSA-2394-1libxml2 - several
DSA-2394-1libxml2 - several
DSA-2255-1libxml2 - buffer overflow
DSA-2255-1libxml2 - buffer overflow
DSA-2137-1libxml2 - several vulnerabilities
DSA-2128-1libxml2 - potential code execution
DSA-1859-1libxml2 - several issues
DSA-1859-1libxml2 - several issues
DSA-1666-1libxml2 - several vulnerabilities
DSA-1654-1libxml2 - execution of arbitrary code
DSA-1631-1libxml2 - denial of service
DSA-1461-1libxml2 - denial of service
DSA-1461-1libxml2 - denial of service
DSA-582-1libxml - buffer overflow
DSA-455libxml - buffer overflows

Search for package or bug name: Reporting problems