CVE-2025-49794
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-49794
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49794.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-49794
- Related
- Published
- 2025-06-16T16:15:18Z
- Modified
- 2025-07-09T14:49:19.467968Z
- Downstream
- Summary
- [none]
- Details
-
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
- References
-
- https://access.redhat.com/errata/RHSA-2025:10630
- https://access.redhat.com/errata/RHSA-2025:10698
- https://access.redhat.com/errata/RHSA-2025:10699
- https://bugzilla.redhat.com/show_bug.cgi?id=2372373
- https://access.redhat.com/security/cve/CVE-2025-49794
- https://security-tracker.debian.org/tracker/CVE-2025-49794
Affected packages
Debian:11 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.9.10+dfsg-6.7
2.9.10+dfsg-6.7+deb11u1
2.9.10+dfsg-6.7+deb11u2
2.9.10+dfsg-6.7+deb11u3
2.9.10+dfsg-6.7+deb11u4
2.9.10+dfsg-6.7+deb11u5
2.9.10+dfsg-6.7+deb11u6
2.9.10+dfsg-6.7+deb11u7
2.9.12+dfsg-1
2.9.12+dfsg-2
2.9.12+dfsg-3
2.9.12+dfsg-4
2.9.12+dfsg-5
2.9.12+dfsg-6
2.9.13+dfsg-1
2.9.14+dfsg-1
2.9.14+dfsg-1.1
2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1
Debian:12 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1
Debian:13 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1