MGASA-2025-0269 Updated libxml2 & libxslt packages fix security vulnerabilities

Heap use after free UAF leads to Denial of service DoS. CVE-2025-49794 Null pointer dereference leads to Denial of service DoS. CVE-2025-49795 Type confusion leads to Denial of service DoS. CVE-2025-49796 Integer Overflow Leading to Buffer Overflow in xmlBuildQName. CVE-2025-6021 Stack-based Buff...

Updated libxml2 & libxslt packages fix security vulnerabilities

Heap use after free UAF leads to Denial of service DoS. CVE-2025-49794 Null pointer dereference leads to Denial of service DoS. CVE-2025-49795 Type confusion leads to Denial of service DoS. CVE-2025-49796 Integer Overflow Leading to Buffer Overflow in xmlBuildQName. CVE-2025-6021 Stack-based Buff...

Linux Distros Unpatched Vulnerability : CVE-2025-12863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes ar...

CVE-2025-12863

Rejected reason: This CVE was assigned for a libxml2 issue1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012note2608283...

DEBIAN-CVE-2025-12863

A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory regi...

CVE-2025-12863

CVE-2025-12863 entry is rejected/not used and does not represent an active vulnerability.

EUVD-2025-38299

A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory regi...

CVE-2025-12863

...

CVE-2025-12863

...

CVE-2025-12863

Removed by vendor...

CVE-2025-12863

A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory regi...

编号撤回

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A resource management error vulnerability exists in libxml2, which stems from an improper handling of namespace references in the xmlSetTreeDoc function,...

Use After Free

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Use After Free via the xmlSetTreeDoc function in the tree.c file. An attacker can cause a crash of services or applications by providing crafted XML content that triggers access to a...

PT-2025-45506

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description A flaw exists in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function manages document pointers during XML node movements between documents. Improper handling of...

ROOT-OS-DEBIAN-13-CVE-2025-9714 CVE-2025-9714 in rootio-libxml2 - Patched by Root

Root has patched CVE-2025-9714 in the rootio-libxml2 package for Root:Debian:13. Multiple fixed versions available...

Ubuntu: Security Advisory (USN-7852-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Astra Linux – Vulnerability in libxml2

A use-after-free vulnerability was discovered in libxml2. This issue occurs when parsing XPath elements under certain circumstances, especially when the XML schema includes the schema element. This flaw allows a malicious actor to create a malicious XML document that can be used as input for...

Astra Linux - уязвимость в libxml2

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : libxml2 vulnerability (USN-7852-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7852-1 advisory. It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash,...

libxml2: Fix of 2 CVEs

CVE-2024-56171: fix use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c - CVE-2025-24928: fix stack-based buffer overflow in xmlSnprintfElements in valid.c...