VDB
ALPINE-CVE-2025-27113
ALPINE-CVE-2025-27113
PUBLISHED
CVSS 7.5 HIGH
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.21 | libxml2 | 2.7.6-r3, 2.9.4-r3, 2.9.4-r2 |
| Alpine:v3.22 | libxml2 | 2.9.9-r3, 2.9.9-r2, 2.9.9-r1 |
| Alpine:v3.23 | libxml2 | 2.7.6-r1, 0, 2.10.0-r0 |
| Alpine:v3.19 | libxml2 | 2.10.2-r0, 2.10.2-r1, 2.10.3-r0 |
| Alpine:v3.20 | libxml2 | 2.9.1-r1, 2.9.8-r2, 2.9.8-r1 |
| Alpine:v3.18 | libxml2 | 2.9.6-r0, 2.9.5-r0, 2.9.4-r4 |
Exploit Intelligence
- TestCommand.yaml (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- ios_v2_generated.go (github-poc)
- ios_v1_generated.go (github-poc)
- visionos_v2_generated.go (github-poc)
- watchos_v2_generated.go (github-poc)
- tvos_v2_generated.go (github-poc)
Timeline
- Feb 18, 2025 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch