libxml2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description XML parsing library, version 2
Version 2.9.12-2 [testing]
2.9.10-9 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1883 2.9.10-9 2.9.11-1 Medium Testing FS#70822
Issue Group Severity Remote Type Description
CVE-2021-3541 AVG-1883 Low Yes Denial of service
A security issue was found in libxml2 before version 2.9.11. Exponential entity expansion attack its possible bypassing all existing protection mechanisms...
CVE-2021-3537 AVG-1883 Low Yes Denial of service
It was found that libxml2 before version 2.9.11 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML...
CVE-2021-3518 AVG-1883 Medium Yes Arbitrary code execution
A use-after-free security issue was found in libxml2 before version 2.9.11 in xmlXIncludeDoProcess() in xinclude.c when processing crafted files.
CVE-2021-3517 AVG-1883 Medium Yes Arbitrary code execution
A heap-based buffer overflow was found in libxml2 before version 2.9.11 when processing truncated UTF-8 input.
CVE-2021-3516 AVG-1883 Medium No Arbitrary code execution
A use-after-free security issue was found libxml2 before version 2.9.11 when "xmllint --html --push" is used to process crafted files.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1263 2.9.10-5 2.9.10-6 Medium Fixed FS#68510
AVG-672 2.9.8-4 2.9.8-5 Medium Fixed
AVG-671 2.9.5+6+g07e227ed-1 2.9.6+3+g5af594d8-1 Medium Fixed
AVG-56 2.9.4+4+g3169602-1 2.9.4+12+ge905f08-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2020-24977 AVG-1263 Medium Yes Information disclosure
GNOME project libxml2 <= 2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
CVE-2020-7595 AVG-1263 Medium Yes Denial of service
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388 AVG-1263 Medium Yes Denial of service
A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed...
CVE-2018-9251 AVG-672 Medium Yes Denial of service
A security issue has been found in libxml2 <= 2.9.8 compiled with LZMA support enabled, in the xz_decomp function in xzlib.c. This flaw allows a remote...
CVE-2017-18258 AVG-671 Medium Yes Denial of service
A security issue has been found in libxml2 <= 2.9.6 compiled with LZMA support enabled, in the xz_head function in xzlib.c. This flaw allows a remote...
CVE-2016-5131 AVG-56 Critical Yes Arbitrary code execution
Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use- after-free and allow control of the instruction pointer.
CVE-2016-4658 AVG-56 Critical Yes Arbitrary code execution
A use-after-free vulnerability via namespace nodes in XPointer ranges was found in libxml2.

Advisories

Date Advisory Group Severity Type
17 Nov 2020 ASA-202011-15 AVG-1263 Medium multiple issues
01 Oct 2018 ASA-201810-3 AVG-672 Medium denial of service
01 Nov 2016 ASA-201611-2 AVG-56 Critical arbitrary code execution