| Bug | Description |
|---|
| CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty d ... |
| CVE-2023-28484 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ... |
| CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML ... |
| CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi ... |
| CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ... |
| CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ... |
| CVE-2022-2309 | NULL Pointer Dereference allows attackers to cause a denial of service ... |
| CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its p ... |
| CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that ... |
| CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ... |
| CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in ... |
| CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ... |
| CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ... |
| CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ... |
| CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ... |
| CVE-2019-19956 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ... |
| CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ... |
| CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ... |
| CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ... |
| CVE-2017-18258 | The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ... |
| CVE-2017-16932 | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ... |
| CVE-2017-16931 | parser.c in libxml2 before 2.9.5 mishandles parameter-entity reference ... |
| CVE-2017-15412 | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ... |
| CVE-2017-9050 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ... |
| CVE-2017-9049 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ... |
| CVE-2017-9048 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ... |
| CVE-2017-9047 | A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ... |
| CVE-2017-8872 | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ... |
| CVE-2017-7376 | Buffer overflow in libxml2 allows remote attackers to execute arbitrar ... |
| CVE-2017-7375 | A flaw in libxml2 allows remote XML entity inclusion with default pars ... |
| CVE-2017-5969 | libxml2 2.9.4, when used in recover mode, allows remote attackers to c ... |
| CVE-2017-5130 | An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ... |
| CVE-2017-0663 | A remote code execution vulnerability in libxml2 could enable an attac ... |
| CVE-2016-9598 | libxml2, as used in Red Hat JBoss Core Services, allows context-depend ... |
| CVE-2016-9597 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 f ... |
| CVE-2016-9596 | libxml2, as used in Red Hat JBoss Core Services and when in recovery m ... |
| CVE-2016-9318 | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ... |
| CVE-2016-5131 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Goog ... |
| CVE-2016-4658 | xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ... |
| CVE-2016-4483 | The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 all ... |
| CVE-2016-4449 | XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntit ... |
| CVE-2016-4448 | Format string vulnerability in libxml2 before 2.9.4 allows attackers t ... |
| CVE-2016-4447 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 a ... |
| CVE-2016-3709 | Possible cross-site scripting vulnerability in libxml after commit 960 ... |
| CVE-2016-3705 | The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ... |
| CVE-2016-3627 | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earli ... |
| CVE-2016-2073 | The htmlParseNameComplex function in HTMLparser.c in libxml2 allows at ... |
| CVE-2016-1840 | Heap-based buffer overflow in the xmlFAParsePosCharGroup function in l ... |
| CVE-2016-1839 | The xmlDictAddString function in libxml2 before 2.9.4, as used in Appl ... |
| CVE-2016-1838 | The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4 ... |
| CVE-2016-1837 | Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiter ... |
| CVE-2016-1836 | Use-after-free vulnerability in the xmlDictComputeFastKey function in ... |
| CVE-2016-1835 | Use-after-free vulnerability in the xmlSAX2AttributeNs function in lib ... |
| CVE-2016-1834 | Heap-based buffer overflow in the xmlStrncat function in libxml2 befor ... |
| CVE-2016-1833 | The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ... |
| CVE-2016-1762 | The xmlNextChar function in libxml2 before 2.9.4 allows remote attacke ... |
| CVE-2015-8806 | dict.c in libxml2 allows remote attackers to cause a denial of service ... |
| CVE-2015-8710 | The htmlParseComment function in HTMLparser.c in libxml2 allows attack ... |
| CVE-2015-8317 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allow ... |
| CVE-2015-8242 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HT ... |
| CVE-2015-8241 | The xmlNextChar function in libxml2 2.9.2 does not properly check the ... |
| CVE-2015-8035 | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ... |
| CVE-2015-7942 | The xmlParseConditionalSections function in parser.c in libxml2 does n ... |
| CVE-2015-7941 | libxml2 2.9.2 does not properly stop parsing invalid input, which allo ... |
| CVE-2015-7500 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows c ... |
| CVE-2015-7499 | Heap-based buffer overflow in the xmlGROW function in parser.c in libx ... |
| CVE-2015-7498 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ... |
| CVE-2015-7497 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in d ... |
| CVE-2015-5312 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before ... |
| CVE-2015-1819 | The xmlreader in libxml allows remote attackers to cause a denial of s ... |
| CVE-2014-3660 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ... |
| CVE-2014-0191 | The xmlParserHandlePEReference function in parser.c in libxml2 before ... |
| CVE-2013-2877 | parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0 ... |
| CVE-2013-1969 | Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ... |
| CVE-2013-0339 | libxml2 through 2.9.1 does not properly handle external entities expan ... |
| CVE-2013-0338 | libxml2 2.9.0 and earlier allows context-dependent attackers to cause ... |
| CVE-2012-5134 | Heap-based buffer underflow in the xmlParseAttValueComplex function in ... |
| CVE-2012-2807 | Multiple integer overflows in libxml2, as used in Google Chrome before ... |
| CVE-2012-0841 | libxml2 before 2.8.0 computes hash values without restricting the abil ... |
| CVE-2011-3919 | Heap-based buffer overflow in libxml2, as used in Google Chrome before ... |
| CVE-2011-3905 | libxml2, as used in Google Chrome before 16.0.912.63, allows remote at ... |
| CVE-2011-3102 | Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084 ... |
| CVE-2011-2834 | Double free vulnerability in libxml2, as used in Google Chrome before ... |
| CVE-2011-2821 | Double free vulnerability in libxml2, as used in Google Chrome before ... |
| CVE-2011-1944 | Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ... |
| CVE-2011-0216 | Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ... |
| CVE-2010-4494 | Double free vulnerability in libxml2 2.7.8 and other versions, as used ... |
| CVE-2010-4008 | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Appl ... |
| CVE-2009-2416 | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6 ... |
| CVE-2009-2414 | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6 ... |
| CVE-2008-4409 | libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ... |
| CVE-2008-4226 | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 al ... |
| CVE-2008-4225 | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allo ... |
| CVE-2008-3529 | Heap-based buffer overflow in the xmlParseAttValueComplex function in ... |
| CVE-2008-3281 | libxml2 2.6.32 and earlier does not properly detect recursion during e ... |
| CVE-2007-6284 | The xmlCurrentChar function in libxml2 before 2.6.31 allows context-de ... |
| CVE-2004-0989 | Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and p ... |
| CVE-2004-0110 | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ... |