Vulnerabilities > Xmlsoft

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
4.3
2022-02-26 CVE-2022-23308 Use After Free vulnerability in Xmlsoft Libxml2
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
network
xmlsoft CWE-416
4.3
2021-08-03 CVE-2021-30560 Use After Free vulnerability in multiple products
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
4.0
2021-06-01 CVE-2021-3516 Use After Free vulnerability in multiple products
There's a flaw in libxml2's xmllint in versions before 2.9.11.
6.8
2021-05-19 CVE-2021-3517 Out-of-bounds Write vulnerability in multiple products
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
7.5
2021-05-18 CVE-2021-3518 Use After Free vulnerability in multiple products
There's a flaw in libxml2 in versions before 2.9.11.
6.8
2021-05-14 CVE-2021-3537 NULL Pointer Dereference vulnerability in multiple products
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.
4.3
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.4
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in multiple products
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
5.0