OSV-2025-457

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libxml2/OSV-2025-457.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-457
Published
2025-06-14T00:04:11.416575Z
Modified
2025-06-14T00:04:11.417116Z
Summary
Heap-buffer-overflow in xmlParsePubidLiteral
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=424242614

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
xmlParsePubidLiteral
xmlParseExternalID
xmlParseEntityDecl
References

Affected packages

OSS-Fuzz / libxml2

Package

Name
libxml2
Purl
pkg:generic/libxml2

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/libxml2.git
Events
Introduced
bb7169b5ad77209989a7e60b530976618a7f0339
Fixed
a3992815b3d4caa4a6709406ca085c9f93856809

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

introduced_range 
"f428bdd1d9eb71b192dc31c5eb789097c67e5132:30665ae4d1a7de6e2f7db7c23042aedf4a9657c0"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libxml2/OSV-2025-457.yaml"