libxml2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the libxml2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M CVE-2025-9714	<2.12.7+dfsg+really2.9.14-2.1+deb13u2
L Improper Resource Shutdown or Release	*
L Stack-based Buffer Overflow	<2.12.7+dfsg+really2.9.14-2.1
C Out-of-bounds Read	<2.12.7+dfsg+really2.9.14-2
C Expired Pointer Dereference	<2.12.7+dfsg+really2.9.14-2
H Out-of-bounds Write	<2.12.7+dfsg+really2.9.14-2
H Out-of-bounds Read	<2.12.7+dfsg+really2.9.14-1
H Unchecked Return Value	<2.12.7+dfsg+really2.9.14-1
H NULL Pointer Dereference	<2.12.7+dfsg+really2.9.14-0.4
H CVE-2025-24928	<2.12.7+dfsg+really2.9.14-0.4
C CVE-2024-56171	<2.12.7+dfsg+really2.9.14-0.4
H CVE-2022-49043	<2.12.7+dfsg+really2.9.14-0.4
L CVE-2024-34459	<2.12.7+dfsg+really2.9.14-0.4
H Use After Free	<2.12.7+dfsg+really2.9.14-1
M Use After Free	<2.12.7+dfsg+really2.9.14-1
M Out-of-Bounds	<2.12.7+dfsg+really2.9.14-1
M NULL Pointer Dereference	<2.9.14+dfsg-1.2
M Double Free	<2.9.14+dfsg-1.2
H Integer Overflow or Wraparound	<2.9.14+dfsg-1.1
H Double Free	<2.9.14+dfsg-1.1
M Cross-site Scripting (XSS)	<2.9.12+dfsg-3
H NULL Pointer Dereference	<2.9.14+dfsg-1.3
M Integer Overflow or Wraparound	<2.9.14+dfsg-1
H Use After Free	<2.9.13+dfsg-1
M Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<2.9.10+dfsg-6.7
M NULL Pointer Dereference	<2.9.10+dfsg-6.6
H Use After Free	<2.9.10+dfsg-6.6
H Use After Free	<2.9.10+dfsg-6.6
H Out-of-bounds Write	<2.9.10+dfsg-6.6
L Out-of-bounds Read	<2.9.10+dfsg-6.2
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.9.10+dfsg-2.1
H Memory Leak	<2.9.10+dfsg-2.1
H Missing Release of Resource after Effective Lifetime	<2.9.10+dfsg-2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<2.9.10+dfsg-2
L NULL Pointer Dereference	<2.9.10+dfsg-2
H Use After Free	<2.9.4+dfsg1-5.2
L Allocation of Resources Without Limits or Throttling	<2.9.10+dfsg-2
C XML External Entity (XXE) Injection	<2.9.4+dfsg1-3.1
C Out-of-Bounds	<2.9.4+dfsg1-3.1
H Out-of-bounds Write	<2.9.4+dfsg1-5.1
C Out-of-Bounds	<2.9.4+dfsg1-3.1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.9.10+dfsg-2
H Out-of-bounds Write	<2.9.4+dfsg1-3.1
H Out-of-Bounds	<2.9.4+dfsg1-3.1
H Out-of-bounds Read	<2.9.4+dfsg1-3.1
H Out-of-Bounds	<2.9.4+dfsg1-3.1
H Out-of-bounds Read	<2.9.4+dfsg1-3.1
C Out-of-bounds Read	<2.9.4+dfsg1-6.1
H Deserialization of Untrusted Data	<2.9.3+dfsg1-1.1
M NULL Pointer Dereference	<2.9.4+dfsg1-5.1
M XML External Entity (XXE) Injection	<2.9.10+dfsg-2
C Out-of-Bounds	<2.9.4+dfsg1-2.1
H Use After Free	<2.9.4+dfsg1-2.1
H Improper Input Validation	<2.9.3+dfsg1-1.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
C Use of Externally-Controlled Format String	<2.9.4+dfsg1-1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
M Out-of-bounds Read	<2.9.3+dfsg1-1.1
M Use After Free	<2.9.3+dfsg1-1.1
M Use After Free	<2.9.3+dfsg1-1.1
M Out-of-bounds Read	<2.9.3+dfsg1-1.1
M Out-of-bounds Read	<2.9.3+dfsg1-1.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
H Improper Input Validation	<2.9.3+dfsg1-1.1
H Improper Input Validation	<2.9.3+dfsg1-1.1
H CVE-2015-8806	<2.9.3+dfsg1-1.1
C Out-of-Bounds	<2.9.2+really2.9.1+dfsg1-0.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
M Out-of-Bounds	<2.9.3+dfsg1-1.1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.2+zdfsg1-4
M Resource Management Errors	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.2+really2.9.1+dfsg1-0.1
L Resource Management Errors	<2.9.3+dfsg1-1
L Resource Management Errors	<2.9.2+really2.9.1+dfsg1-0.1
M CVE-2014-0191	<2.9.1+dfsg1-4
M CVE-2014-3660	<2.9.2+dfsg1-1
M Access Restriction Bypass	<2.8.0+dfsg1-7+nmu1
M Out-of-Bounds	<2.9.1+dfsg1-1
M Out-of-Bounds	<2.8.0+dfsg1-7+nmu1
M Resource Management Errors	<2.7.8.dfsg-8
M Out-of-Bounds	<2.8.0+dfsg1-7
M Numeric Errors	<2.8.0+dfsg1-5
M Numeric Errors	<2.7.8.dfsg-9.1
H Out-of-bounds Write	<2.7.8.dfsg-7
M Out-of-bounds Read	<2.7.8.dfsg-5.1
L Double Free	<2.7.8.dfsg-5
H Numeric Errors	<2.7.8.dfsg-3
L Double Free	<2.7.8.dfsg-5
H Numeric Errors	<2.7.8.dfsg-5.1
H Double Free	<2.7.8.dfsg-2
M Out-of-Bounds	<2.7.8.dfsg-1
M Out-of-Bounds	<2.7.3.dfsg-2.1
L Resource Management Errors	<2.7.3.dfsg-2.1
H Numeric Errors	<2.6.32.dfsg-5
C Resource Management Errors	<2.6.32.dfsg-5
C Out-of-Bounds	<2.6.32.dfsg-4
M Resource Management Errors	<2.6.32.dfsg-3
M Resource Management Errors	<2.6.30.dfsg-3.1
C CVE-2004-0989	<2.6.11-5
H CVE-2004-0110	<2.6.6-1

Vulnerability

Vulnerable Version

CVE-2025-9714

<2.12.7+dfsg+really2.9.14-2.1+deb13u2