Untriaged
Permalink
CVE-2025-49795
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libxml: null pointer dereference leads to denial of service (dos)
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
References
Affected products
libxml2
- *
- <2.15.0
Red Hat JBoss Core Services 2.4.62.SP2
Matching in nixpkgs
pkgs.libxml2_13
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.13.8
pkgs.libxml2Python
None
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.sbclPackages.cl-libxml2
None
-
nixos-unstable -
- nixpkgs-unstable libxml2-20130615-git
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.python313Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libxml-2.0%22
Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
-
nixos-unstable -
- nixpkgs-unstable libxml2
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@lukego Luke Gorrie <luke@snabb.co>