PT-2025-7047 · Libxml2+12
Published: 2025-01-28 · Updated: 2026-05-08
CVE-2025-24928
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
libxml2 versions 2.12.10 and earlier, 2.13.x versions prior to 2.13.6
Description
The issue is a stack-based buffer overflow in the xmlSnprintfElements function in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD.
Recommendations
For libxml2 versions 2.12.10 and earlier, and 2.13.x versions prior to 2.13.6, update to version 2.12.10 or 2.13.6 or later to resolve the issue.
As a temporary workaround, consider disabling DTD validation for untrusted documents or DTDs until a patch is available.
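To apply the workaround you first need to know where DTD validation is switched on. The following is an added example, not part of the advisory or of libxml2: a small audit helper that flags the usual ways validation gets enabled through the libxml2 C API, `xmllint`, or lxml. The file names and sample lines are constructed for illustration.

```python
import re

# Constructs that turn on libxml2 DTD validation (C API, xmllint CLI, lxml binding).
VALIDATION_PATTERNS = [
    ("XML_PARSE_DTDVALID parser option",
     re.compile(r"\bXML_PARSE_DTDVALID\b")),
    ("explicit validation API call",
     re.compile(r"\bxmlValidate(?:Document|Dtd|DtdFinal)\s*\(")),
    ("legacy global validity default",
     re.compile(r"\bxmlDoValidityCheckingDefaultValue\s*=\s*1\b")),
    ("xmllint validating flag",
     re.compile(r"\bxmllint\b.*\s--(?:valid|postvalid|dtdvalid)\b")),
    ("lxml dtd_validation=True",
     re.compile(r"\bdtd_validation\s*=\s*True\b")),
]

def find_dtd_validation(sources):
    """Return (file, line_no, reason) for each line that enables DTD validation."""
    findings = []
    for name, text in sources.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for reason, pattern in VALIDATION_PATTERNS:
                if pattern.search(line):
                    findings.append((name, line_no, reason))
    return findings

# Constructed sample code base: three call sites validate, one does not.
SAMPLE_SOURCES = {
    "import_feed.c": (
        '#include <libxml/parser.h>\n'
        'doc = xmlReadMemory(buf, len, "feed.xml", NULL,\n'
        '                    XML_PARSE_NONET | XML_PARSE_DTDVALID);\n'
    ),
    "render.c": (
        'doc = xmlReadMemory(buf, len, "page.xml", NULL, XML_PARSE_NONET);\n'
    ),
    "check.sh": 'xmllint --noout --valid "$upload"\n',
    "ingest.py": 'parser = etree.XMLParser(dtd_validation=True)\n',
}

if __name__ == "__main__":
    for name, line_no, reason in find_dtd_validation(SAMPLE_SOURCES):
        print(f"{name}:{line_no}: {reason}")
```

Each finding is a call site to review: if the document or DTD it handles can come from an untrusted source, drop the validating option there until the library is updated.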
Fix
DoS
Stack Overflow
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Libxml2