XMLSoft Libxml2 2.11.0

CPE Details

XMLSoft Libxml2 2.11.0
2.11.0
2023-05-01
17h32 +00:00
2023-06-15
14h33 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:xmlsoft:libxml2:2.11.0:*:*:*:*:*:*:*

Informations

Vendor

xmlsoft

Product

libxml2

Version

2.11.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-27113 2025-02-18 00h00 +00:00 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
7.5
Haute
CVE-2024-25062 2024-02-03 23h00 +00:00 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
7.5
Haute
CVE-2023-45322 2023-10-05 22h00 +00:00 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
6.5
Moyen
CVE-2023-39615 2023-08-28 22h00 +00:00 Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
6.5
Moyen