Information on source package libxml2

Available versions

Release | Version
jessie | 2.9.1+dfsg1-5+deb8u6
jessie (security) | 2.9.1+dfsg1-5+deb8u7
stretch (security) | 2.9.4+dfsg1-2.2+deb9u2
buster | 2.9.4+dfsg1-7
sid | 2.9.4+dfsg1-7

Open issues

Bug | jessie | stretch | buster | sid | Description
CVE-2018-14567 | fixed | vulnerable (no DSA, postponed) | vulnerable | vulnerable | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to ...
CVE-2018-14404 | fixed | vulnerable (no DSA) | vulnerable | vulnerable | A NULL pointer dereference vulnerability exists in the ...
CVE-2017-8872 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 ...
CVE-2017-5969 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote ...
CVE-2017-5130 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...
CVE-2017-18258 | fixed | vulnerable (no DSA, postponed) | vulnerable | vulnerable | The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...
CVE-2017-16932 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...
CVE-2016-9318 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ...
CVE-2016-4448 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Format string vulnerability in libxml2 before 2.9.4 allows attackers ...

Resolved issues

Bug | Description
CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...
CVE-2017-9050 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...
CVE-2017-9049 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...
CVE-2017-9048 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based ...
CVE-2017-9047 | A buffer overflow was discovered in libxml2 ...
CVE-2017-7376 | Buffer overflow in libxml2 allows remote attackers to execute ...
CVE-2017-7375 | A flaw in libxml2 allows remote XML entity inclusion with default ...
CVE-2017-16931 | parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...
CVE-2017-15412 | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...
CVE-2017-0663 | A remote code execution vulnerability in libxml2 could enable an ...
CVE-2016-9598 | libxml2, as used in Red Hat JBoss Core Services, allows ...
CVE-2016-9597 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 ...
CVE-2016-9596 | libxml2, as used in Red Hat JBoss Core Services and when in recovery ...
CVE-2016-5131 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in ...
CVE-2016-4658 | xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...
CVE-2016-4483 | The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 ...
CVE-2016-4449 | XML external entity (XXE) vulnerability in the ...
CVE-2016-4447 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 ...
CVE-2016-3705 | The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...
CVE-2016-3627 | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...
CVE-2016-2073 | The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...
CVE-2016-1840 | Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...
CVE-2016-1839 | The xmlDictAddString function in libxml2 before 2.9.4, as used in ...
CVE-2016-1838 | The xmlPArserPrintFileContextInternal function in libxml2 before ...
CVE-2016-1837 | Multiple use-after-free vulnerabilities in the (1) ...
CVE-2016-1836 | Use-after-free vulnerability in the xmlDictComputeFastKey function in ...
CVE-2016-1835 | Use-after-free vulnerability in the xmlSAX2AttributeNs function in ...
CVE-2016-1834 | Heap-based buffer overflow in the xmlStrncat function in libxml2 ...
CVE-2016-1833 | The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...
CVE-2016-1762 | The xmlNextChar function in libxml2 before 2.9.4 allows remote ...
CVE-2015-8806 | dict.c in libxml2 allows remote attackers to cause a denial of service ...
CVE-2015-8710 | The htmlParseComment function in HTMLparser.c in libxml2 allows ...
CVE-2015-8317 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 ...
CVE-2015-8242 | The xmlSAX2TextNode function in SAX2.c in the push interface in the ...
CVE-2015-8241 | The xmlNextChar function in libxml2 2.9.2 does not properly check the ...
CVE-2015-8035 | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...
CVE-2015-7942 | The xmlParseConditionalSections function in parser.c in libxml2 does ...
CVE-2015-7941 | libxml2 2.9.2 does not properly stop parsing invalid input, which ...
CVE-2015-7500 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows ...
CVE-2015-7499 | Heap-based buffer overflow in the xmlGROW function in parser.c in ...
CVE-2015-7498 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...
CVE-2015-7497 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in ...
CVE-2015-5312 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...
CVE-2015-1819 | The xmlreader in libxml allows remote attackers to cause a denial of ...
CVE-2014-3660 | parser.c in libxml2 before 2.9.2 does not properly prevent entity ...
CVE-2014-0191 | The xmlParserHandlePEReference function in parser.c in libxml2 before ...
CVE-2013-2877 | parser.c in libxml2 before 2.9.0, as used in Google Chrome before ...
CVE-2013-1969 | Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...
CVE-2013-0339 | libxml2 through 2.9.1 does not properly handle external entities ...
CVE-2013-0338 | libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...
CVE-2012-5134 | Heap-based buffer underflow in the xmlParseAttValueComplex function in ...
CVE-2012-2807 | Multiple integer overflows in libxml2, as used in Google Chrome before ...
CVE-2012-0841 | libxml2 before 2.8.0 computes hash values without restricting the ...
CVE-2011-3919 | Heap-based buffer overflow in libxml2, as used in Google Chrome before ...
CVE-2011-3905 | libxml2, as used in Google Chrome before 16.0.912.63, allows remote ...
CVE-2011-3102 | Off-by-one error in libxml2, as used in Google Chrome before ...
CVE-2011-2834 | Double free vulnerability in libxml2, as used in Google Chrome before ...
CVE-2011-2821 | Double free vulnerability in libxml2, as used in Google Chrome before ...
CVE-2011-1944 | Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...
CVE-2011-0216 | Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...
CVE-2010-4494 | Double free vulnerability in libxml2 2.7.8 and other versions, as used ...
CVE-2010-4008 | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, ...
CVE-2009-2416 | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...
CVE-2009-2414 | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, ...
CVE-2008-4409 | libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...
CVE-2008-4226 | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 ...
CVE-2008-4225 | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...
CVE-2008-3529 | Heap-based buffer overflow in the xmlParseAttValueComplex function in ...
CVE-2008-3281 | libxml2 2.6.32 and earlier does not properly detect recursion during ...
CVE-2007-6284 | The xmlCurrentChar function in libxml2 before 2.6.31 allows ...
CVE-2004-0989 | Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...
CVE-2004-0110 | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...

Security announcements

DSA / DLA | Description
DLA-1524-1 | libxml2 - security update
DSA-4086-1 | libxml2 - security update
DLA-1211-1 | libxml2 - security update
DLA-1194-1 | libxml2 - security update
DLA-1188-1 | libxml2 - security update
DSA-3952-1 | libxml2 - security update
DLA-1060-1 | libxml2 - security update
DLA-1008-1 | libxml2 - security update
DSA-3744-1 | libxml2 - security update
DLA-691-1 | libxml2 - security update
DLA-503-1 | libxml2 - security update
DSA-3593-1 | libxml2 - security update
DLA-373-1 | libxml2 - security update
DSA-3430-1 | libxml2 - security update
DLA-355-1 | libxml2 - security update
DLA-334-2 | libxml2 - regression update
DLA-334-1 | libxml2 - security update
DLA-266-1 | libxml2 - security update
DSA-3057-2 | libxml2 - regression update
DLA-151-1 | libxml2 - security update
DSA-2978-2 | libxml2 - security update
DLA-80-1 | libxml2 - security update
DSA-3057-1 | libxml2 - security update
DLA-0016-1 | libxml2 - security update
DSA-2978-1 | libxml2 - security update
DSA-2779-1 | libxml2 - denial of service
DSA-2652-1 | libxml2 - external entity expansion
DSA-2580-1 | libxml2 - buffer overflow
DSA-2521-1 | libxml2 - integer overflows
DSA-2479-1 | libxml2 - off-by-one
DSA-2417-1 | libxml2 - denial of service
DSA-2394-1 | libxml2 - several
DSA-2255-1 | libxml2 - buffer overflow
DSA-2137-1 | libxml2 - several vulnerabilities
DSA-2128-1 | libxml2 - potential code execution
DSA-1859-1 | libxml2 - several issues
DSA-1666-1 | libxml2 - several vulnerabilities
DSA-1654-1 | libxml2 - execution of arbitrary code
DSA-1631-1 | libxml2 - denial of service
DSA-1461-1 | libxml2 - denial of service
DSA-582-1 | libxml - buffer overflow
DSA-455 | libxml - buffer overflows
