Vulnerabilities > Xmlsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-17 | CVE-2025-32415 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. | 7.5 |
| 2025-04-08 | CVE-2025-32414 | Unchecked Return Value vulnerability in Xmlsoft Libxml2 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. | 7.5 |
| 2025-02-18 | CVE-2025-27113 | Unspecified vulnerability in Xmlsoft Libxml2 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. | 7.5 |
| 2024-02-04 | CVE-2024-25062 | Use After Free vulnerability in Xmlsoft Libxml2 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. | 7.5 |
| 2022-11-23 | CVE-2022-40304 | Double Free vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. | 7.8 |
| 2022-11-23 | CVE-2022-40303 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. | 7.5 |
| 2022-02-26 | CVE-2022-23308 | Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 7.5 |
| 2021-08-03 | CVE-2021-30560 | Use After Free vulnerability in multiple products Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-06-01 | CVE-2021-3516 | Use After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. | 7.8 |
| 2021-05-19 | CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. | 8.6 |