5 matches found
TencentOS Server 3: libxml2 (TSSA-2025:0642)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0642 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2025-18412
Malicious code in bioql PyPI...
CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read due to improper namespace processing of sch:name elements in the xmlSchematronFormatReport function. An attacker can cause a denial of service or potentially execute arbitrary code by providing specially crafted XML input...
Expired Pointer Dereference
Overview: Affected versions of this package are vulnerable to Expired Pointer Dereference via the xmlSchematronGetNode function in the Schematron validator. An attacker can cause a crash or execute arbitrary code by triggering use of freed memory. Remediation: Upgrade libxml2 to version 2.14.5 or higher...