libxml2 (SUSE:Linux Enterprise Server 15 SP3-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15 SP3-LTSS package libxml2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2025-49794 — CVSS 9.1 (critical): A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML…
CVE-2025-49796 — CVSS 9.1 (critical): A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue…
CVE-2025-7425 — CVSS 7.8 (high): A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When…
CVE-2024-56171 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in…
CVE-2025-24928 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD…
CVE-2024-25062 — CVSS 7.5 (high): An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and…
CVE-2025-6021 — CVSS 7.5 (high): A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer…
CVE-2023-28484 — CVSS 6.5 (medium): In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This…
CVE-2022-29824 — CVSS 6.5 (medium): In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows…
CVE-2023-39615 — CVSS 6.5 (medium): Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This…
CVE-2021-3541 — CVSS 6.5 (medium): A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to…
CVE-2023-29469 — CVSS 6.5 (medium): An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in…
CVE-2025-27113 — CVSS 2.9 (low): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
CVE-2025-6170 — CVSS 2.5 (low): A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long…