xmlsoft libxml2 CVE Vulnerabilities (106)

CVEs: 106 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting xmlsoft libxml2 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 101106 of 106 CVEs
«« First « Prev Page 6 / 6 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2008-4409 libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. [email protected] 5.0 8.53% 2008-10-03 2026-06-16
CVE-2008-3529 Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. [email protected] 10.0 23.37% 2008-09-12 2026-06-16
CVE-2008-3281 libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. [email protected] 6.5 2.51% 2008-08-27 2026-06-16
CVE-2004-0989 Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. [email protected] 10.0 21.69% 2005-03-01 2026-06-16
CVE-2004-0110 Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. [email protected] 7.5 24.23% 2004-03-15 2026-06-16
CVE-2003-1564 libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." [email protected] 6.5 1.62% 2003-12-31 2026-06-16
«« First « Prev Page 6 / 6 Next »
cvelogic Threat Intelligence