VDB
ALPINE-CVE-2025-24928
ALPINE-CVE-2025-24928
PUBLISHED
CVSS 7.699999809265137 HIGH
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Risk Scores
CVSS 3.1
7.699999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.24 | libxml2 | 2.13.0 |
| Alpine:v3.18 | libxml2 | 2.13.0, 2.9.9-r3, 2.9.9-r2 |
| Alpine:v3.19 | libxml2 | 2.7.6-r2, 2.7.6-r0, 2.7.3-r0 |
| Alpine:v3.23 | libxml2 | 2.7.7-r3, 0, 2.10.0-r0 |
| Alpine:v3.20 | libxml2 | 2.9.10-r0, 2.9.10-r1, 2.9.10-r0 |
| Alpine:v3.21 | libxml2 | 2.12.8-r0, 2.13.4-r1, 2.13.4-r2 |
| Alpine:v3.22 | libxml2 | 0, 2.7.6-r2, 2.9.4-r0 |
Timeline
- Feb 18, 2025 CVE Published
- Apr 30, 2026 Distribution Patch
- Jul 8, 2026 CVE Updated