libxml2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the libxml2 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2024-34459

*
  • L
Use After Free

*
  • L
Use After Free

*
  • L
Out-of-Bounds

*
  • M
NULL Pointer Dereference

<2.9.4+dfsg1-7+deb10u6
  • M
Double Free

<2.9.4+dfsg1-7+deb10u6
  • H
Integer Overflow or Wraparound

<2.9.4+dfsg1-7+deb10u5
  • H
Double Free

<2.9.4+dfsg1-7+deb10u5
  • L
Cross-site Scripting (XSS)

*
  • L
NULL Pointer Dereference

*
  • M
Integer Overflow or Wraparound

<2.9.4+dfsg1-7+deb10u4
  • H
Use After Free

<2.9.4+dfsg1-7+deb10u3
  • M
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.9.4+dfsg1-7+deb10u2
  • M
NULL Pointer Dereference

<2.9.4+dfsg1-7+deb10u2
  • H
Use After Free

<2.9.4+dfsg1-7+deb10u2
  • H
Use After Free

<2.9.4+dfsg1-7+deb10u2
  • H
Out-of-bounds Write

<2.9.4+dfsg1-7+deb10u2
  • M
Out-of-bounds Read

<2.9.4+dfsg1-7+deb10u2
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.9.4+dfsg1-7+deb10u1
  • H
Memory Leak

<2.9.4+dfsg1-7+deb10u1
  • H
Missing Release of Resource after Effective Lifetime

<2.9.4+dfsg1-7+deb10u1
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.9.4+dfsg1-7+deb10u1
  • H
NULL Pointer Dereference

<2.9.4+dfsg1-7+deb10u1
  • H
Use After Free

<2.9.4+dfsg1-5.2
  • M
Allocation of Resources Without Limits or Throttling

<2.9.4+dfsg1-7+deb10u1
  • C
XML External Entity (XXE) Injection

<2.9.4+dfsg1-3.1
  • C
Out-of-Bounds

<2.9.4+dfsg1-3.1
  • H
Out-of-bounds Write

<2.9.4+dfsg1-5.1
  • C
Out-of-Bounds

<2.9.4+dfsg1-3.1
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • H
Out-of-bounds Write

<2.9.4+dfsg1-3.1
  • H
Out-of-bounds Read

<2.9.4+dfsg1-3.1
  • H
Out-of-bounds Read

<2.9.4+dfsg1-3.1
  • H
Out-of-Bounds

<2.9.4+dfsg1-3.1
  • H
Out-of-Bounds

<2.9.4+dfsg1-3.1
  • C
Out-of-bounds Read

<2.9.4+dfsg1-6.1
  • H
Deserialization of Untrusted Data

<2.9.3+dfsg1-1.1
  • M
NULL Pointer Dereference

<2.9.4+dfsg1-5.1
  • L
XML External Entity (XXE) Injection

*
  • C
Out-of-Bounds

<2.9.4+dfsg1-2.1
  • H
Use After Free

<2.9.4+dfsg1-2.1
  • H
Improper Input Validation

<2.9.3+dfsg1-1.1
  • C
Use of Externally-Controlled Format String

<2.9.4+dfsg1-1
  • H
Out-of-Bounds

<2.9.3+dfsg1-1.1
  • M
Out-of-bounds Read

<2.9.3+dfsg1-1.1
  • H
Out-of-Bounds

<2.9.3+dfsg1-1.1
  • M
Use After Free

<2.9.3+dfsg1-1.1
  • M
Out-of-bounds Read

<2.9.3+dfsg1-1.1
  • H
Out-of-Bounds

<2.9.3+dfsg1-1.1
  • M
Use After Free

<2.9.3+dfsg1-1.1
  • M
Out-of-bounds Read

<2.9.3+dfsg1-1.1
  • H
Out-of-Bounds

<2.9.3+dfsg1-1.1
  • H
Improper Input Validation

<2.9.3+dfsg1-1.1
  • H
Improper Input Validation

<2.9.3+dfsg1-1.1
  • H
CVE-2015-8806

<2.9.3+dfsg1-1.1
  • C
Out-of-Bounds

<2.9.2+really2.9.1+dfsg1-0.1
  • H
Out-of-Bounds

<2.9.3+dfsg1-1.1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1.1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • M
Out-of-Bounds

<2.9.2+zdfsg1-4
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • M
Resource Management Errors

<2.9.3+dfsg1-1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • M
Out-of-Bounds

<2.9.2+really2.9.1+dfsg1-0.1
  • M
Out-of-Bounds

<2.9.3+dfsg1-1
  • L
Resource Management Errors

<2.9.3+dfsg1-1
  • L
Resource Management Errors

<2.9.2+really2.9.1+dfsg1-0.1
  • M
CVE-2014-0191

<2.9.1+dfsg1-4
  • M
CVE-2014-3660

<2.9.2+dfsg1-1
  • M
Access Restriction Bypass

<2.8.0+dfsg1-7+nmu1
  • M
Out-of-Bounds

<2.9.1+dfsg1-1
  • M
Out-of-Bounds

<2.8.0+dfsg1-7+nmu1
  • M
Resource Management Errors

<2.7.8.dfsg-8
  • M
Out-of-Bounds

<2.8.0+dfsg1-7
  • M
Numeric Errors

<2.8.0+dfsg1-5
  • M
Numeric Errors

<2.7.8.dfsg-9.1
  • H
Out-of-bounds Write

<2.7.8.dfsg-7
  • M
Out-of-bounds Read

<2.7.8.dfsg-5.1
  • L
Double Free

<2.7.8.dfsg-5
  • H
Numeric Errors

<2.7.8.dfsg-3
  • L
Double Free

<2.7.8.dfsg-5
  • H
Numeric Errors

<2.7.8.dfsg-5.1
  • H
Double Free

<2.7.8.dfsg-2
  • M
Out-of-Bounds

<2.7.8.dfsg-1
  • M
Out-of-Bounds

<2.7.3.dfsg-2.1
  • L
Resource Management Errors

<2.7.3.dfsg-2.1
  • H
Numeric Errors

<2.6.32.dfsg-5
  • C
Resource Management Errors

<2.6.32.dfsg-5
  • C
Out-of-Bounds

<2.6.32.dfsg-4
  • M
Resource Management Errors

<2.6.32.dfsg-3
  • M
Resource Management Errors

<2.6.30.dfsg-3.1
  • C
CVE-2004-0989

<2.6.11-5
  • H
CVE-2004-0110

<2.6.6-1