cpe:2.3:a:n/a:libxml2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Libxml2 (25332bc6-e84a-5dab-beec-6c8321a9b983) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-8732 | vulnerable | 2026-06-08 07:45:21.079580 | libxml2 xmlcatalog xmlParseSGMLCatalog recursion<br>LOW (3.3)<br>A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."<br>Published: 2025-08-08T16:32:06.990Z<br>Updated: 2026-06-02T12:59:45.337Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3541 | vulnerable | 2026-06-08 05:33:52.741126 | Details available<br>A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.<br>Published: 2021-07-09T16:02:21.000Z<br>Updated: 2024-08-03T17:01:07.290Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3537 | vulnerable | 2026-06-08 05:33:52.732784 | Details available<br>A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.<br>Published: 2021-05-14T19:50:10.000Z<br>Updated: 2024-08-03T17:01:08.318Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3518 | vulnerable | 2026-06-08 05:33:52.611424 | Details available<br>There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.<br>Published: 2021-05-18T11:20:24.000Z<br>Updated: 2024-08-03T17:01:07.460Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3517 | vulnerable | 2026-06-08 05:33:52.595496 | Details available<br>There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.<br>Published: 2021-05-19T13:45:00.000Z<br>Updated: 2025-12-02T21:34:00.585Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3516 | vulnerable | 2026-06-08 05:33:52.590139 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-3709 | vulnerable | 2026-06-08 05:07:45.839214 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |