Fluid Attacks Database

Description

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	libxml2	-	-
debian 11	libxml2	=2.12.3+dfsg-0exp1 \|\| =2.12.5+dfsg-0exp1 \|\| =2.12.6+dfsg-0exp1 \|\| =2.12.6+dfsg-0exp2 \|\| =2.12.7+dfsg+really2.9.14-0.1 \|\| =2.12.7+dfsg+really2.9.14-0.2 \|\| =2.12.7+dfsg+really2.9.14-0.3 \|\| =2.12.7+dfsg+really2.9.14-0.4 \|\| =2.12.7+dfsg+really2.9.14-1 \|\| =2.12.7+dfsg+really2.9.14-2 \|\| =2.12.7+dfsg+really2.9.14-2.1 \|\| =2.12.7+dfsg-1 \|\| =2.12.7+dfsg-2 \|\| =2.12.7+dfsg-3 \|\| =2.13.1+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp2 \|\| =2.14.1+dfsg-0exp1 \|\| =2.14.2+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp2 \|\| =2.14.3+dfsg-0exp3 \|\| =2.14.4+dfsg-0exp1 \|\| =2.14.5+dfsg-0.1 \|\| =2.14.5+dfsg-0.2 \|\| =2.14.5+dfsg-0exp1 \|\| =2.14.5+dfsg-0exp2 \|\| =2.14.6+dfsg-0.1 \|\| =2.15.0+dfsg-0.1 \|\| =2.15.0+dfsg-0.2 \|\| =2.15.0+dfsg-0.3 \|\| =2.15.1+dfsg-0.1 \|\| =2.15.1+dfsg-0.2 \|\| =2.15.1+dfsg-0.3 \|\| =2.15.1+dfsg-0.4 \|\| =2.15.1+dfsg-0.5 \|\| =2.15.1+dfsg-1 \|\| =2.15.1+dfsg-2 \|\| =2.15.2+dfsg-0.1 \|\| =2.9.10+dfsg-6.7 \|\| =2.9.10+dfsg-6.7+deb11u1 \|\| =2.9.10+dfsg-6.7+deb11u2 \|\| =2.9.10+dfsg-6.7+deb11u3 \|\| =2.9.10+dfsg-6.7+deb11u4 \|\| =2.9.10+dfsg-6.7+deb11u5 \|\| =2.9.10+dfsg-6.7+deb11u6 \|\| =2.9.10+dfsg-6.7+deb11u7 \|\| =2.9.10+dfsg-6.7+deb11u8 \|\| =2.9.10+dfsg-6.7+deb11u9 \|\| =2.9.12+dfsg-1 \|\| =2.9.12+dfsg-2 \|\| =2.9.12+dfsg-3 \|\| =2.9.12+dfsg-4 \|\| =2.9.12+dfsg-5 \|\| =2.9.12+dfsg-6 \|\| =2.9.13+dfsg-1 \|\| =2.9.14+dfsg-1 \|\| =2.9.14+dfsg-1.1 \|\| =2.9.14+dfsg-1.2 \|\| =2.9.14+dfsg-1.3 \|\| =2.9.14+dfsg-1.3~deb12u1 \|\| =2.9.14+dfsg-1.3~deb12u2 \|\| =2.9.14+dfsg-1.3~deb12u3 \|\| =2.9.14+dfsg-1.3~deb12u4 \|\| =2.9.14+dfsg-1.3~deb12u5	-
debian 12	libxml2	=2.12.3+dfsg-0exp1 \|\| =2.12.5+dfsg-0exp1 \|\| =2.12.6+dfsg-0exp1 \|\| =2.12.6+dfsg-0exp2 \|\| =2.12.7+dfsg+really2.9.14-0.1 \|\| =2.12.7+dfsg+really2.9.14-0.2 \|\| =2.12.7+dfsg+really2.9.14-0.3 \|\| =2.12.7+dfsg+really2.9.14-0.4 \|\| =2.12.7+dfsg+really2.9.14-1 \|\| =2.12.7+dfsg+really2.9.14-2 \|\| =2.12.7+dfsg+really2.9.14-2.1 \|\| =2.12.7+dfsg-1 \|\| =2.12.7+dfsg-2 \|\| =2.12.7+dfsg-3 \|\| =2.13.1+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp2 \|\| =2.14.1+dfsg-0exp1 \|\| =2.14.2+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp2 \|\| =2.14.3+dfsg-0exp3 \|\| =2.14.4+dfsg-0exp1 \|\| =2.14.5+dfsg-0.1 \|\| =2.14.5+dfsg-0.2 \|\| =2.14.5+dfsg-0exp1 \|\| =2.14.5+dfsg-0exp2 \|\| =2.14.6+dfsg-0.1 \|\| =2.15.0+dfsg-0.1 \|\| =2.15.0+dfsg-0.2 \|\| =2.15.0+dfsg-0.3 \|\| =2.15.1+dfsg-0.1 \|\| =2.15.1+dfsg-0.2 \|\| =2.15.1+dfsg-0.3 \|\| =2.15.1+dfsg-0.4 \|\| =2.15.1+dfsg-0.5 \|\| =2.15.1+dfsg-1 \|\| =2.15.1+dfsg-2 \|\| =2.15.2+dfsg-0.1 \|\| =2.9.14+dfsg-1.2 \|\| =2.9.14+dfsg-1.3 \|\| =2.9.14+dfsg-1.3~deb12u1 \|\| =2.9.14+dfsg-1.3~deb12u2 \|\| =2.9.14+dfsg-1.3~deb12u3 \|\| =2.9.14+dfsg-1.3~deb12u4 \|\| =2.9.14+dfsg-1.3~deb12u5	-
debian 13	libxml2	=2.12.7+dfsg+really2.9.14-2.1 \|\| =2.12.7+dfsg+really2.9.14-2.1+deb13u1 \|\| =2.12.7+dfsg+really2.9.14-2.1+deb13u2 \|\| =2.13.1+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp2 \|\| =2.14.1+dfsg-0exp1 \|\| =2.14.2+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp2 \|\| =2.14.3+dfsg-0exp3 \|\| =2.14.4+dfsg-0exp1 \|\| =2.14.5+dfsg-0.1 \|\| =2.14.5+dfsg-0.2 \|\| =2.14.5+dfsg-0exp1 \|\| =2.14.5+dfsg-0exp2 \|\| =2.14.6+dfsg-0.1 \|\| =2.15.0+dfsg-0.1 \|\| =2.15.0+dfsg-0.2 \|\| =2.15.0+dfsg-0.3 \|\| =2.15.1+dfsg-0.1 \|\| =2.15.1+dfsg-0.2 \|\| =2.15.1+dfsg-0.3 \|\| =2.15.1+dfsg-0.4 \|\| =2.15.1+dfsg-0.5 \|\| =2.15.1+dfsg-1 \|\| =2.15.1+dfsg-2 \|\| =2.15.2+dfsg-0.1	-
debian 14	libxml2	=2.12.7+dfsg+really2.9.14-2.1 \|\| =2.13.1+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp1 \|\| =2.13.3+dfsg-0exp2 \|\| =2.14.1+dfsg-0exp1 \|\| =2.14.2+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp1 \|\| =2.14.3+dfsg-0exp2 \|\| =2.14.3+dfsg-0exp3 \|\| =2.14.4+dfsg-0exp1 \|\| =2.14.5+dfsg-0.1 \|\| =2.14.5+dfsg-0.2 \|\| =2.14.5+dfsg-0exp1 \|\| =2.14.5+dfsg-0exp2 \|\| =2.14.6+dfsg-0.1 \|\| =2.15.0+dfsg-0.1 \|\| =2.15.0+dfsg-0.2 \|\| =2.15.0+dfsg-0.3 \|\| =2.15.1+dfsg-0.1 \|\| =2.15.1+dfsg-0.2 \|\| =2.15.1+dfsg-0.3 \|\| =2.15.1+dfsg-0.4 \|\| =2.15.1+dfsg-0.5 \|\| =2.15.1+dfsg-1 \|\| =2.15.1+dfsg-2 \|\| =2.15.2+dfsg-0.1	-
rpm rhel10	libxml2	-	-
rpm rhel7	libxml2	-	-
rpm rhel8	libxml2	-	-
rpm rhel9	libxml2	-	-
alpine v3.22	libxml2	>=0 <2.13.9-r1	2.13.9-r1

1-10 of 12

Aliases

1. CVE-2026-67322. NVD-2026-67323. OSV-2026-67324. OSV-DEBIAN-2026-67325. OSV-ALPINE-2026-67326. SECURITY-TRACKER-CVE-2026-67327. SECURITY-CVE-2026-6732

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.