CVE-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

RHSA-2025:8958 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Mitigation Mitigation for this issue is either not...

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. Mitigation Mitigation is either unavailable or does not meet Red Hat Product Security...

CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

PT-2025-25307

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Red Hat Enterprise Linux versions 6 through 10 Red Hat JBoss Core Services affected versions not specified Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw was...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the xmlBuildQName function. An attacker can cause a crash and denial of service by supplying specially crafted XML input that triggers an integer overflow and subsequent stack buffer overflow. Remediation...

libxml2 安全漏洞

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2, which stems from an integer overflow in the buffer size calculation in the xmlBuildQName function that cou...

Oracle Linux 8 : libxml2 (ELSA-2025-8958)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8958 advisory. 2.9.7-20 - Fix CVE-2025-32414 RHEL-88198 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2025-1670)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.CVE-2025-27113 libxml2 before 2.12.10...

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2025-1669)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.CVE-2025-27113 libxml2 before 2.12.10...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1670)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1669)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference due to a null pointer dereference while processing XPath XML expressions. An attacker can cause a crash and disrupt service availability by sending specially crafted input that triggers the dereference...

libxml2 security update

2.9.7-20 - Fix CVE-2025-32414 RHEL-88198...