CVE-2025-6170

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6170
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6170.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-6170
Downstream
Related
Published
2025-06-16T16:15:20Z
Modified
2025-07-01T16:11:51.691610Z
Severity
  • 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

References

Affected packages

Debian:11 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.10+dfsg-6.7
2.9.10+dfsg-6.7+deb11u1
2.9.10+dfsg-6.7+deb11u2
2.9.10+dfsg-6.7+deb11u3
2.9.10+dfsg-6.7+deb11u4
2.9.10+dfsg-6.7+deb11u5
2.9.10+dfsg-6.7+deb11u6
2.9.10+dfsg-6.7+deb11u7
2.9.12+dfsg-1
2.9.12+dfsg-2
2.9.12+dfsg-3
2.9.12+dfsg-4
2.9.12+dfsg-5
2.9.12+dfsg-6
2.9.13+dfsg-1
2.9.14+dfsg-1
2.9.14+dfsg-1.1
2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3

Ecosystem specific 

{
    "urgency": "unimportant"
}