Releases240
Frequency1 month 1 week
Last Release
Stars750
Read-only mirror of https://gitlab.gnome.org/GNOME/libxml2

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 2.9.137.5 HIGH4.3 MEDIUM

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

<= 2.9.47.5 HIGH

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

<= 2.9.47.5 HIGH5 MEDIUM

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.