libxml2 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the libxml2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Memory Leak	<2.15.2+dfsg-0.1
L Resource Exhaustion	<2.15.2+dfsg-0.1
L Uncontrolled Recursion	<2.15.2+dfsg-0.1
M Uncontrolled Recursion	<2.15.2+dfsg-0.1
M CVE-2025-9714	<2.14.5+dfsg-0.1
H Unchecked Return Value	<2.12.7+dfsg+really2.9.14-1
C Expired Pointer Dereference	<2.12.7+dfsg+really2.9.14-2
M Use After Free	<2.12.7+dfsg+really2.9.14-1
H Out-of-bounds Write	<2.12.7+dfsg+really2.9.14-2
L NULL Pointer Dereference	<2.9.10+dfsg-2
C XML External Entity (XXE) Injection	<2.9.4+dfsg1-3.1
C Out-of-Bounds	<2.9.4+dfsg1-3.1
L Allocation of Resources Without Limits or Throttling	<2.9.10+dfsg-2
H CVE-2025-24928	<2.12.7+dfsg+really2.9.14-0.4
M XML External Entity (XXE) Injection	<2.9.10+dfsg-2
H Deserialization of Untrusted Data	<2.9.3+dfsg1-1.1
H Missing Release of Resource after Effective Lifetime	<2.9.10+dfsg-2
C Out-of-Bounds	<2.9.4+dfsg1-2.1
H CVE-2015-8806	<2.9.3+dfsg1-1.1
M Out-of-Bounds	<2.9.3+dfsg1-1
L Improper Resource Shutdown or Release	*
M Out-of-Bounds	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.1+dfsg1-1
M CVE-2014-3660	<2.9.2+dfsg1-1
H Out-of-bounds Read	<2.12.7+dfsg+really2.9.14-1
M Out-of-Bounds	<2.8.0+dfsg1-7
H Out-of-bounds Read	<2.9.4+dfsg1-3.1
M Out-of-Bounds	<2.9.2+zdfsg1-4
H Double Free	<2.9.14+dfsg-1.1
L Double Free	<2.7.8.dfsg-5
H Numeric Errors	<2.7.8.dfsg-3
M NULL Pointer Dereference	<2.9.14+dfsg-1.2
C Out-of-bounds Read	<2.9.4+dfsg1-6.1
M Resource Management Errors	<2.6.30.dfsg-3.1
H Use After Free	<2.9.4+dfsg1-5.2
H Out-of-bounds Write	<2.9.4+dfsg1-5.1
H Out-of-Bounds	<2.9.4+dfsg1-3.1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.9.10+dfsg-2
H Out-of-Bounds	<2.9.3+dfsg1-1.1
M Use After Free	<2.9.3+dfsg1-1.1
M Out-of-Bounds	<2.9.3+dfsg1-1.1
M Out-of-Bounds	<2.12.7+dfsg+really2.9.14-1
M Out-of-bounds Read	<2.9.3+dfsg1-1.1
H Use After Free	<2.12.7+dfsg+really2.9.14-1
M Out-of-Bounds	<2.8.0+dfsg1-7+nmu1
C CVE-2024-56171	<2.12.7+dfsg+really2.9.14-0.4
M Resource Management Errors	<2.9.3+dfsg1-1
M Integer Overflow or Wraparound	<2.9.14+dfsg-1
M NULL Pointer Dereference	<2.9.10+dfsg-6.6
H Out-of-bounds Read	<2.9.4+dfsg1-3.1
C Out-of-Bounds	<2.6.32.dfsg-4
M NULL Pointer Dereference	<2.9.4+dfsg1-5.1
H Numeric Errors	<2.6.32.dfsg-5
H Use After Free	<2.9.4+dfsg1-2.1
L Resource Management Errors	<2.7.3.dfsg-2.1
H Use After Free	<2.9.10+dfsg-6.6
C Use of Externally-Controlled Format String	<2.9.4+dfsg1-1
M Out-of-bounds Read	<2.9.3+dfsg1-1.1
M Out-of-bounds Read	<2.9.3+dfsg1-1.1
C Out-of-bounds Read	<2.12.7+dfsg+really2.9.14-2
H CVE-2022-49043	<2.12.7+dfsg+really2.9.14-0.4
H Use After Free	<2.9.13+dfsg-1
H Out-of-bounds Write	<2.9.10+dfsg-6.6
H Memory Leak	<2.9.10+dfsg-2.1
H NULL Pointer Dereference	<2.12.7+dfsg+really2.9.14-0.4
M Out-of-bounds Read	<2.7.8.dfsg-5.1
H Out-of-Bounds	<2.9.4+dfsg1-3.1
H CVE-2004-0110	<2.6.6-1
M Resource Management Errors	<2.6.32.dfsg-3
C Out-of-Bounds	<2.9.4+dfsg1-3.1
H Improper Input Validation	<2.9.3+dfsg1-1.1
C Out-of-Bounds	<2.9.2+really2.9.1+dfsg1-0.1
M Out-of-Bounds	<2.9.2+really2.9.1+dfsg1-0.1
L Stack-based Buffer Overflow	<2.12.7+dfsg+really2.9.14-2.1
M Double Free	<2.9.14+dfsg-1.2
H Integer Overflow or Wraparound	<2.9.14+dfsg-1.1
M Out-of-Bounds	<2.9.3+dfsg1-1
H Improper Input Validation	<2.9.3+dfsg1-1.1
M Out-of-Bounds	<2.9.3+dfsg1-1
L CVE-2024-34459	<2.12.7+dfsg+really2.9.14-0.4
M Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<2.9.10+dfsg-6.7
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.9.10+dfsg-2.1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<2.9.10+dfsg-2
M Resource Management Errors	<2.7.8.dfsg-8
H Numeric Errors	<2.7.8.dfsg-5.1
H Use After Free	<2.9.10+dfsg-6.6
H Out-of-bounds Write	<2.9.4+dfsg1-3.1
H Improper Input Validation	<2.9.3+dfsg1-1.1
C CVE-2004-0989	<2.6.11-5
M Out-of-Bounds	<2.9.3+dfsg1-1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
M Numeric Errors	<2.8.0+dfsg1-5
L Resource Management Errors	<2.9.2+really2.9.1+dfsg1-0.1
L Double Free	<2.7.8.dfsg-5
H Out-of-bounds Write	<2.7.8.dfsg-7
M Out-of-Bounds	<2.7.8.dfsg-1
M Out-of-Bounds	<2.7.3.dfsg-2.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
H Double Free	<2.7.8.dfsg-2
L Out-of-bounds Read	<2.9.10+dfsg-6.2
H NULL Pointer Dereference	<2.9.14+dfsg-1.3
M Cross-site Scripting (XSS)	<2.9.12+dfsg-3
M Use After Free	<2.9.3+dfsg1-1.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
H Out-of-Bounds	<2.9.3+dfsg1-1.1
L Resource Management Errors	<2.9.3+dfsg1-1
M Out-of-Bounds	<2.9.3+dfsg1-1
M CVE-2014-0191	<2.9.1+dfsg1-4
M Out-of-Bounds	<2.9.3+dfsg1-1
C Resource Management Errors	<2.6.32.dfsg-5
M Access Restriction Bypass	<2.8.0+dfsg1-7+nmu1
M Numeric Errors	<2.7.8.dfsg-9.1

Vulnerability

Vulnerable Version

Memory Leak

<2.15.2+dfsg-0.1