CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49794.json",
    "cwe_ids": [
        "CWE-825"
    ],
    "cna_assigner": "redhat"
}

References

Affected packages

Git / gitlab.gnome.org/gnome/libxml2

Affected ranges

Type

GIT

Repo

https://gitlab.gnome.org/gnome/libxml2

Events

Introduced

Fixed

0bea77c8289324483c0504d36ac730bb03f6a70b

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.15.0"
        }
    ]
}

Affected versions

Other

CVE-2013-2877

CVE-2014-0191

CVE-2014-3660

CVE-2015-1819

CVE-2015-5312

CVE-2015-7497

CVE-2015-7498

CVE-2015-7499-1

CVE-2015-7499-2

CVE-2015-7500

CVE-2015-7941_1

CVE-2015-7941_2

CVE-2015-7942

CVE-2015-7942-2

CVE-2015-8035

CVE-2015-8242

CVE-2015-8317

CVE-2016-1762

CVE-2016-1833

CVE-2016-1834

CVE-2016-1835

CVE-2016-1836

CVE-2016-1837

CVE-2016-1838

CVE-2016-1839

CVE-2016-1840

CVE-2016-3627

CVE-2016-3705

CVE-2016-4449

CVE-2016-4483

CVE-2021-3541

EAZEL-NAUTILUS-MS-AUG07

FOR_GNOME_0_99_1

GNOME_0_30

GNOME_PRINT_0_24

GNUMERIC_FIRST_PUBLIC_RELEASE

LIBXML2_2_4_21

LIBXML2_2_5_0

LIBXML2_2_5_10

LIBXML2_2_5_7

LIBXML2_2_5_8

LIBXML2_2_5_9

LIBXML2_2_5_x

LIBXML2_2_6_1

LIBXML2_2_6_11

LIBXML2_2_6_12

LIBXML2_2_6_13

LIBXML2_2_6_14

LIBXML2_2_6_15

LIBXML2_2_6_16

LIBXML2_2_6_18

LIBXML2_2_6_19

LIBXML2_2_6_2

LIBXML2_2_6_20

LIBXML2_2_6_21

LIBXML2_2_6_22

LIBXML2_2_6_23

LIBXML2_2_6_24

LIBXML2_2_6_26

LIBXML2_2_6_27

LIBXML2_2_6_28

LIBXML2_2_6_3

LIBXML2_2_6_4

LIBXML2_2_6_5

LIBXML2_2_6_6

LIBXML2_2_6_7

LIBXML2_2_6_8

LIBXML2_2_6_9

LIBXML2_6_0

LIBXML_0_99

LIBXML_1_5_0

LIBXML_1_8_5

LIBXML_1_8_6

LIBXML_2_0_0

LIBXML_2_1_0

LIBXML_2_1_1

LIBXML_2_2_1

LIBXML_2_2_3

LIBXML_2_2_4

LIBXML_2_2_6

LIBXML_2_2_7

LIBXML_2_2_8

LIBXML_2_3_0

LIBXML_2_3_10

LIBXML_2_3_11

LIBXML_2_3_12

LIBXML_2_3_13

LIBXML_2_3_14

LIBXML_2_3_2

LIBXML_2_3_3

LIBXML_2_3_4

LIBXML_2_3_5

LIBXML_2_3_6

LIBXML_2_3_7

LIBXML_2_3_8

LIBXML_2_3_9

LIBXML_2_4_0

LIBXML_2_4_11

LIBXML_2_4_12

LIBXML_2_4_13

LIBXML_2_4_14

LIBXML_2_4_16

LIBXML_2_4_18

LIBXML_2_4_2

LIBXML_2_4_20

LIBXML_2_4_22

LIBXML_2_4_23

LIBXML_2_4_24

LIBXML_2_4_25

LIBXML_2_4_26

LIBXML_2_4_27

LIBXML_2_4_29

LIBXML_2_4_3

LIBXML_2_4_30

LIBXML_2_4_4

LIBXML_2_4_6

LIBXML_2_4_7

LIBXML_2_5_1

LIBXML_2_5_2

LIBXML_2_5_3

LIBXML_2_5_4

LIBXML_2_5_5

LIBXML_2_5_6

LIBXML_2_6_10

LIBXML_TEST_2_0_0

LIB_XML_1_1

LIB_XML_1_3

LIB_XML_1_4

LIB_XML_1_6_1

LIB_XML_1_6_2

LIB_XML_1_7_0

LIB_XML_1_7_1

LIB_XML_1_7_3

LIB_XML_1_8_3

LIB_XML_1_X

PRE_MUCKUP

PRE_MUCKUP2

PRE_MUCKUP3

help

LIBXML2.*

LIBXML2.6.32

LIBXML2.7.0

LIBXML2.7.1

LIBXML2.7.2

LIBXML2.7.3

v2.*

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.8.0

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-rc2

v2.9.1

v2.9.10

v2.9.10-rc1

v2.9.11

v2.9.12

v2.9.13

v2.9.2

v2.9.2-rc1

v2.9.2-rc2

v2.9.3

v2.9.4

v2.9.4-rc1

v2.9.4-rc2

v2.9.5

v2.9.5-rc1

v2.9.5-rc2

v2.9.6

v2.9.6-rc1

v2.9.7

v2.9.7-rc1

v2.9.8

v2.9.8-rc1

v2.9.9

v2.9.9-rc1

v2.9.9-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49794.json"