Every CVE whose affected-product data names Xmlsoft Libxml2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (106)
CVE-2008-3529 — CVSS 10.0 (critical): Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers…
CVE-2004-0989 — CVSS 10.0 (critical): Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute…
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2017-16931 — CVSS 9.8 (critical): parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference…
CVE-2015-8710 — CVSS 9.8 (critical): The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service…
CVE-2017-7376 — CVSS 9.8 (critical): Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling…
CVE-2016-4658 — CVSS 9.8 (critical): xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other…
CVE-2017-7375 — CVSS 9.8 (critical): A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution…
CVE-2011-1944 — CVSS 9.3 (critical): Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows…
CVE-2024-40896 — CVSS 9.1 (critical): In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if…
CVE-2017-8872 — CVSS 9.1 (critical): The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or…
CVE-2017-15412 — CVSS 8.8 (high): Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to…
CVE-2021-3518 — CVSS 8.8 (high): There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application…
CVE-2016-5131 — CVSS 8.8 (high): Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a…
CVE-2017-5130 — CVSS 8.8 (high): An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a…
CVE-2021-3517 — CVSS 8.6 (high): There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted…
CVE-2016-1762 — CVSS 8.1 (high): The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a…
CVE-2022-40304 — CVSS 7.8 (high): An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading…
CVE-2024-56171 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in…
CVE-2016-1834 — CVSS 7.8 (high): Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS…
CVE-2026-11979 — CVSS 7.8 (high): libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell()…
CVE-2016-1840 — CVSS 7.8 (high): Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before…
CVE-2025-24928 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD…
CVE-2015-6838 — CVSS 7.5 (high): The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when…
CVE-2025-6021 — CVSS 7.5 (high): A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer…
CVE-2010-4494 — CVSS 7.5 (high): Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows…
CVE-2013-1969 — CVSS 7.5 (high): Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a…
CVE-2024-34459 — CVSS 7.5 (high): An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout…
CVE-2024-25062 — CVSS 7.5 (high): An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and…
CVE-2015-6837 — CVSS 7.5 (high): The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when…
CVE-2016-9597 — CVSS 7.5 (high): It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found…
CVE-2022-40303 — CVSS 7.5 (high): An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled…
CVE-2020-7595 — CVSS 7.5 (high): xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388 — CVSS 7.5 (high): xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-19956 — CVSS 7.5 (high): xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2015-8806 — CVSS 7.5 (high): dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an…
CVE-2017-9050 — CVSS 7.5 (high): libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This…
CVE-2017-9049 — CVSS 7.5 (high): libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This…
CVE-2017-9048 — CVSS 7.5 (high): libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is…
CVE-2017-9047 — CVSS 7.5 (high): A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to…
CVE-2004-0110 — CVSS 7.5 (high): Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to…
CVE-2016-3627 — CVSS 7.5 (high): The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to…
CVE-2016-3705 — CVSS 7.5 (high): The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the…
CVE-2016-4447 — CVSS 7.5 (high): The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service…
CVE-2016-4483 — CVSS 7.5 (high): The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service…
CVE-2016-4449 — CVSS 7.1 (high): XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in…
CVE-2015-5312 — CVSS 7.1 (high): The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows…
CVE-2012-2871 — CVSS 6.8 (medium): libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable…
CVE-2013-0339 — CVSS 6.8 (medium): libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or…
CVE-2012-5134 — CVSS 6.8 (medium): Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome…
CVE-2015-7942 — CVSS 6.8 (medium): The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid…
CVE-2026-6732 — CVSS 6.5 (medium): A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated…
CVE-2008-3281 — CVSS 6.5 (medium): libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent…
CVE-2009-2416 — CVSS 6.5 (medium): Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent…
CVE-2016-2073 — CVSS 6.5 (medium): The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a…
CVE-2016-9596 — CVSS 6.5 (medium): libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service…
CVE-2016-9598 — CVSS 6.5 (medium): libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and…
CVE-2017-18258 — CVSS 6.5 (medium): The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a…
CVE-2018-14404 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an…
CVE-2018-14567 — CVSS 6.5 (medium): libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that…
CVE-2020-24977 — CVSS 6.5 (medium): GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has…
CVE-2021-3541 — CVSS 6.5 (medium): A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to…
CVE-2022-29824 — CVSS 6.5 (medium): In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows…
CVE-2023-28484 — CVSS 6.5 (medium): In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This…
CVE-2023-29469 — CVSS 6.5 (medium): An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in…
CVE-2023-39615 — CVSS 6.5 (medium): Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This…
CVE-2023-45322 — CVSS 6.5 (medium): libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in…
CVE-2003-1564 — CVSS 6.5 (medium): libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to…
CVE-2015-8241 — CVSS 6.4 (medium): The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of…
CVE-2025-9714 — CVSS 6.2 (medium): Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow…
CVE-2026-0990 — CVSS 5.9 (medium): A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI…
CVE-2021-3537 — CVSS 5.9 (medium): A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing…
CVE-2015-8242 — CVSS 5.8 (medium): The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers…
CVE-2025-32414 — CVSS 5.6 (medium): In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an…
CVE-2016-1836 — CVSS 5.5 (medium): Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before…
CVE-2016-1837 — CVSS 5.5 (medium): Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4…
CVE-2016-9318 — CVSS 5.5 (medium): libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the…
CVE-2016-1838 — CVSS 5.5 (medium): The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before…
CVE-2016-1833 — CVSS 5.5 (medium): The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and…
CVE-2016-1839 — CVSS 5.5 (medium): The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and…
CVE-2018-9251 — CVSS 5.3 (medium): The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite…
CVE-2008-4409 — CVSS 5.0 (medium): libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to…
CVE-2015-8317 — CVSS 5.0 (medium): The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an…
CVE-2015-7500 — CVSS 5.0 (medium): The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service…
CVE-2015-7499 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain…
CVE-2015-7498 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause…
CVE-2015-7497 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to…
CVE-2014-3660 — CVSS 5.0 (medium): parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows…
CVE-2013-2877 — CVSS 5.0 (medium): parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a…
CVE-2012-0841 — CVSS 5.0 (medium): libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows…
CVE-2017-5969 — CVSS 4.7 (medium): libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML…
CVE-2015-7941 — CVSS 4.3 (medium): libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service…
CVE-2010-4008 — CVSS 4.3 (medium): libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid…
CVE-2013-0338 — CVSS 4.3 (medium): libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file…
CVE-2009-2414 — CVSS 4.3 (medium): Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent…
CVE-2026-0989 — CVSS 3.7 (low): A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a…
CVE-2025-8732 — CVSS 3.3 (low): A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function…
CVE-2025-27113 — CVSS 2.9 (low): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
CVE-2025-32415 — CVSS 2.9 (low): In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To…
CVE-2026-0992 — CVSS 2.9 (low): A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that…
CVE-2015-8035 — CVSS 2.6 (low): The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to…
CVE-2025-6170 — CVSS 2.5 (low): A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long…