
We found results for “”
CVE-2025-49794
Good to know:

Date: June 16, 2025
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Severity Score
Related Resources (18)
Severity Score
Weakness Type (CWE)
Expired Pointer Dereference
CWE-825Top Fix

Upgrade Version
Upgrade to version https://gitlab.gnome.org/GNOME/libxml2.git - null
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | HIGH |