JLSEC-2025-75
PUBLISHED
CVSS 8.6 HIGH
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer...
Risk Scores
CVSS v4.0
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | XML2_jll | 0, 0 |
| Julia | XSLT_jll | 0, 0 |
Timeline
- Oct 17, 2025 CVE Published
- Nov 6, 2025 CVE Updated
- May 1, 2026 Distribution Patch
References
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/
- https://security.gentoo.org/glsa/202210-03
- https://security.netapp.com/advisory/ntap-20220715-0006/
- https://www.debian.org/security/2022/dsa-5142
- https://www.oracle.com/security-alerts/cpujul2022.html