CVE-2025-49796

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions libxml2 (affected versions not specified)

Description A memory corruption issue can be triggered in libxml2 by processing certain sch:name elements from an input XML file. This allows an attacker to craft a malicious XML input file, potentially leading to a denial of service or other undefined behavior due to sensitive data corruption in memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Type Confusion

Out of bounds Read

Untrusted Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-125CWE-822

Related Identifiers

ALSA-2025:10630

ALSA-2025:10698

ALSA-2025:10699

AZL-64092

AZL-64130

BDU:2025-08978

CESA-2025_10698

CVE-2025-49796

DLA-4251-1

ECHO-2F9B-2B25-B4F7

GHSA-353F-X4GH-CQQ8

INFSA-2025_10698

INFSA-2025_10699

MGASA-2025-0269

OESA-2025-1768

OESA-2025-1769

OESA-2025-1770

OESA-2025-1898

OESA-2025-1899

OESA-2025-1900

OPENSUSE-SU-2025:15321-1

RHSA-2025:10630

RHSA-2025:10698

RHSA-2025:10699

RHSA-2025:11580

RHSA-2025:12098

RHSA-2025:12099

RHSA-2025:12199

RHSA-2025:12237

RHSA-2025:12239

RHSA-2025:12240

RHSA-2025:12241

RHSA-2025_10698

RHSA-2025_10699

RHSA-2026:7519

SUSE-SU-2025:02260-1

SUSE-SU-2025:02275-1

SUSE-SU-2025:02294-1

SUSE-SU-2025:02314-1

SUSE-SU-2025:02355-1

SUSE-SU-2025:20564-1

SUSE-SU-2025:20607-1

SUSE-SU-2025_02260-1

SUSE-SU-2025_02275-1

SUSE-SU-2025_02294-1

SUSE-SU-2025_02314-1

SUSE-SU-2025_02355-1

USN-7694-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Libxml2

CVE-2025-49796

Weakness Enumeration

Related Identifiers

Affected Products

References · 160