CVE-2025-6170

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6170
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6170.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-6170
Downstream
Related
Published
2025-06-16T16:15:20Z
Modified
2025-07-31T04:51:43.763979Z
Severity
  • 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

References

Affected packages

Debian:11 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.10+dfsg-6.7+deb11u8

Affected versions

2.*

2.9.10+dfsg-6.7
2.9.10+dfsg-6.7+deb11u1
2.9.10+dfsg-6.7+deb11u2
2.9.10+dfsg-6.7+deb11u3
2.9.10+dfsg-6.7+deb11u4
2.9.10+dfsg-6.7+deb11u5
2.9.10+dfsg-6.7+deb11u6
2.9.10+dfsg-6.7+deb11u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.14+dfsg-1.2
2.9.14+dfsg-1.3~deb12u1
2.9.14+dfsg-1.3~deb12u2
2.9.14+dfsg-1.3~deb12u3
2.9.14+dfsg-1.3
2.12.3+dfsg-0exp1
2.12.5+dfsg-0exp1
2.12.6+dfsg-0exp1
2.12.6+dfsg-0exp2
2.12.7+dfsg-1
2.12.7+dfsg-2
2.12.7+dfsg-3
2.12.7+dfsg+really2.9.14-0.1
2.12.7+dfsg+really2.9.14-0.2
2.12.7+dfsg+really2.9.14-0.3
2.12.7+dfsg+really2.9.14-0.4
2.12.7+dfsg+really2.9.14-1
2.12.7+dfsg+really2.9.14-2
2.12.7+dfsg+really2.9.14-2.1
2.13.1+dfsg-0exp1
2.13.3+dfsg-0exp1
2.13.3+dfsg-0exp2
2.14.1+dfsg-0exp1
2.14.2+dfsg-0exp1
2.14.3+dfsg-0exp1
2.14.3+dfsg-0exp2
2.14.3+dfsg-0exp3
2.14.4+dfsg-0exp1
2.14.5+dfsg-0exp1
2.14.5+dfsg-0exp2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / libxml2

Package

Name
libxml2
Purl
pkg:deb/debian/libxml2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.12.7+dfsg+really2.9.14-2.1

Affected versions

2.*

2.12.7+dfsg+really2.9.14-2

Ecosystem specific

{
    "urgency": "unimportant"
}