XMLSoft Libxml2 2.11.0

CPE Details

XMLSoft Libxml2 2.11.0
xmlsoft
libxml2
2.11.0
2023-05-01
17h32 +00:00
2023-06-15
14h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:xmlsoft:libxml2:2.11.0:*:*:*:*:*:*:*

Informations

Vendor

xmlsoft

Product

libxml2

Version

2.11.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-27113 2025-02-18 00h00 +00:00 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
7.5
High
CVE-2024-25062 2024-02-03 23h00 +00:00 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
7.5
High
CVE-2023-45322 2023-10-05 22h00 +00:00 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
6.5
Medium
CVE-2023-39615 2023-08-28 22h00 +00:00 Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
6.5
Medium