Xmlsoft
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Xmlsoft product.
RSS Feeds for Xmlsoft security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Xmlsoft products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Xmlsoft Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 3 vulnerabilities in Xmlsoft with an average score of 7.5 out of ten. Last year, in 2024 Xmlsoft had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2025 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 7.50 |
| 2024 | 1 | 7.50 |
| 2023 | 4 | 6.50 |
| 2022 | 5 | 7.08 |
| 2021 | 6 | 7.73 |
| 2020 | 3 | 7.17 |
| 2019 | 5 | 7.08 |
| 2018 | 7 | 6.94 |
It may take a day or so for new Xmlsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xmlsoft Security Vulnerabilities
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read
CVE-2025-32415
7.5 - High
- April 17, 2025
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Out-of-bounds Read
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings)
CVE-2025-32414
7.5 - High
- April 08, 2025
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
Unchecked Return Value
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
CVE-2025-27113
7.5 - High
- February 18, 2025
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5
CVE-2024-25062
7.5 - High
- February 04, 2024
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Dangling pointer
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails
CVE-2023-45322
6.5 - Medium
- October 06, 2023
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
Dangling pointer
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c
CVE-2023-39615
6.5 - Medium
- August 29, 2023
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Buffer Overflow
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault
CVE-2023-28484
6.5 - Medium
- April 24, 2023
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
NULL Pointer Dereference
An issue was discovered in libxml2 before 2.10.4
CVE-2023-29469
6.5 - Medium
- April 24, 2023
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Double-free
An issue was discovered in libxml2 before 2.10.3
CVE-2022-40304
7.8 - High
- November 23, 2022
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Double-free
An issue was discovered in libxml2 before 2.10.3
CVE-2022-40303
7.5 - High
- November 23, 2022
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Integer Overflow or Wraparound