CVE-2025-49795

Published: 16 Jun 2025
Source: debian
EPSS: Low

Description

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Packages

| Package | Status | Fixed version | Release | Type |
| --- | --- | --- | --- | --- |
| libxml2 | not-affected | | | package |

Notes

  • https://gitlab.gnome.org/GNOME/libxml2/-/issues/932

  • Introduced by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2cc93f77543b5721257f795f303bfb56a4b384c7 (v2.10.0)

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)

  • Follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)

EPSS

Percentile: 17%
0.00054
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 2 months ago

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVSS3: 7.5
redhat
about 2 months ago

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVSS3: 7.5
nvd
about 2 months ago

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVSS3: 7.5
github
about 2 months ago

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVSS3: 7.5
fstec
2 months ago

Vulnerability in the xmlSchematronFormatReport() function of the Schematron Schema Report component of the libxml2 library, allowing an attacker to cause a denial of service
