CVE-2025-24928

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24928

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24928.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24928

Downstream

ALPINE-CVE-2025-24928

BELL-CVE-2025-24928

DEBIAN-CVE-2025-24928

DLA-4064-1

DSA-5949-1

ECHO-aab7-9325-81a4

JLSEC-2025-87

MINI-fm7f-wx8j-5r6j

MINI-r58f-vr8w-96ch

OESA-2025-1225

RHSA-2025:2482

RHSA-2025:2483

RHSA-2025:2507

RHSA-2025:2513

RHSA-2025:2654

RHSA-2025:2660

RHSA-2025:2673

RHSA-2025:2678

RHSA-2025:2679

RHSA-2025:2686

RLSA-2025:2679

RLSA-2025:2686

SUSE-SU-2025:0746-1

SUSE-SU-2025:0747-1

SUSE-SU-2025:0748-1

SUSE-SU-2025:0976-1

UBUNTU-CVE-2025-24928

USN-7302-1

openSUSE-SU-2025:14830-1

openSUSE-SU-2025:14999-1

Related

Published

2025-02-18T23:15:10.250Z

Modified

2026-02-07T05:27:49.270923Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

References

Affected packages

Git / gitlab.gnome.org/GNOME/libxml2

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2
Events: Fixed

02d577715e1951cf114ca4e9adaf5605156c4f4c

Introduced

cdd2575f7fbab1d8162600f4048bc37503c80e28

Fixed

66453240c94b5cbd3e9ae9b32016fdafb13cdf18

Affected versions

v2.*

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24928.json"