← Back

Libxmljs Project

libxmljs_project

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Libxmljs
libxmljs
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-25341
1Libxmljs Project
1Libxmljs
Dec 31, 2025
Dec 26, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a...Show more
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).Show less
CVE-2024-34392
1Libxmljs Project
1Libxmljs
Oct 10, 2025
May 2, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to...Show more
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.Show less
CVE-2024-34391
1Libxmljs Project
1Libxmljs
Oct 10, 2025
May 2, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial o...Show more
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).Show less
CVE-2022-21144
1Libxmljs Project
1Libxmljs
Nov 21, 2024
May 1, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString va...Show more
This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.Show less