CVE-2025-49794

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-49794

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49794.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-49794

Downstream

BELL-CVE-2025-49794

DEBIAN-CVE-2025-49794

DLA-4251-1

ECHO-87d5-bef1-89b5

OESA-2025-1768

OESA-2025-1769

OESA-2025-1770

OESA-2025-1898

OESA-2025-1899

OESA-2025-1900

RHSA-2025:10630

RHSA-2025:10698

RHSA-2025:10699

RHSA-2025:11580

RHSA-2025:12098

RHSA-2025:12099

RHSA-2025:12199

RHSA-2025:12237

RHSA-2025:12239

RHSA-2025:12240

RHSA-2025:12241

RLSA-2025:10698

SUSE-SU-2025:02260-1

SUSE-SU-2025:02294-1

UBUNTU-CVE-2025-49794

USN-7694-1

Related

Published

2025-06-16T16:15:18Z

Modified

2025-09-15T18:15:38Z

Summary

[none]

Details

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

References

Affected packages