CVE-2025-49796

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-49796
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49796.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-49796
Downstream
Related
Published
2025-06-16T16:15:19Z
Modified
2025-07-09T14:48:08.679647Z
Summary
[none]
Details

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

References

Affected packages

Debian:11 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.10+dfsg-6.7
2.9.10+dfsg-6.7+deb11u1
2.9.10+dfsg-6.7+deb11u2
2.9.10+dfsg-6.7+deb11u3
2.9.10+dfsg-6.7+deb11u4
2.9.10+dfsg-6.7+deb11u5
2.9.10+dfsg-6.7+deb11u6
2.9.10+dfsg-6.7+deb11u7
2.9.12+dfsg-1
2.9.12+dfsg-2
2.9.12+dfsg-3
2.9.12+dfsg-4
2.9.12+dfsg-5
2.9.12+dfsg-6
2.9.13+dfsg-1
2.9.14+dfsg-1
2.9.14+dfsg-1.1
2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}