OSV-2025-457

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2025-457

Published

2025-06-14T00:04:11.416575Z

Modified

2025-06-14T00:04:11.417116Z

Summary

Heap-buffer-overflow in xmlParsePubidLiteral

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=424242614

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
xmlParsePubidLiteral
xmlParseExternalID
xmlParseEntityDecl

References

Affected packages

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2.git
Events: Introduced

bb7169b5ad77209989a7e60b530976618a7f0339

Fixed

a3992815b3d4caa4a6709406ca085c9f93856809

{
    "severity": "HIGH"
}

{
    "introduced_range": "f428bdd1d9eb71b192dc31c5eb789097c67e5132:30665ae4d1a7de6e2f7db7c23042aedf4a9657c0"
}