libxml2 is vulnerable to XML External Entity (XXE) attacks. The library does not disable document type declaration by default, allowing a malicious user to pass a file that can lead to arbitrary code execution or information disclosure.
CPE | Name | Operator | Version |
---|---|---|---|
libxml2.so | le | 2.9.4 | |
libxml2 | le | 2.7.8.7 |