CVE-2022-49043
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a
use-after-free.
CVE-2023-39615
libxml2 v2.11.0 was discovered to contain an out-of-bounds read via
the xmlSAX2StartElement() function at /libxml2/SAX2.c. This
vulnerability allows attackers to cause a Denial of Service (DoS)
via supplying a crafted XML file. NOTE: the vendor's position is
that the product does not support the legacy SAX1 interface with
custom callbacks; there is a crash even without crafted input.
CVE-2023-45322
libxml2 through 2.11.5 has a use-after-free that can only occur
after a certain memory allocation fails. This occurs in
xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't
think these issues are critical enough to warrant a CVE ID ...
because an attacker typically can't control when memory allocations
fail."
CVE-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before