libxml2 (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package libxml2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (21)
CVE-2021-3518 — CVSS 8.8 (high): There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application…
CVE-2021-3517 — CVSS 8.6 (high): There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted…
CVE-2022-40304 — CVSS 7.8 (high): An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading…
CVE-2021-3516 — CVSS 7.8 (high): There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint…
CVE-2020-7595 — CVSS 7.5 (high): xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2024-34459 — CVSS 7.5 (high): An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout…
CVE-2024-25062 — CVSS 7.5 (high): An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and…
CVE-2019-19956 — CVSS 7.5 (high): xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2022-40303 — CVSS 7.5 (high): An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled…
CVE-2019-20388 — CVSS 7.5 (high): xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2021-3541 — CVSS 6.5 (medium): A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to…
CVE-2020-24977 — CVSS 6.5 (medium): GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has…
CVE-2022-29824 — CVSS 6.5 (medium): In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows…
CVE-2023-28484 — CVSS 6.5 (medium): In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This…
CVE-2023-29469 — CVSS 6.5 (medium): An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in…
CVE-2023-39615 — CVSS 6.5 (medium): Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This…
CVE-2023-45322 — CVSS 6.5 (medium): libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in…
CVE-2021-3537 — CVSS 5.9 (medium): A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing…