Package | libxml2 |
---|---|
Version | 2.9.4+dfsg1-2.2+deb9u14 (stretch), 2.9.4+dfsg1-7+deb10u12 (buster) |
Related CVEs | CVE-2024-34459 CVE-2025-6021 CVE-2025-6170 CVE-2025-49794 CVE-2025-49796 |
- CVE-2024-34459: Zhineng Zhong discovered that formatting error messages with `xmllint --htmlout` could result in a buffer over-read.
- CVE-2025-6021: Ahmed Lekssays discovered an integer overflow issue in `xmlBuildQName()` which could result in memory corruption or a denial of service when processing crafted input.
- CVE-2025-6170: Ahmed Lekssays discovered a stack-based buffer overflow issue in the command-parsing logic of the interactive shell in xmllint.
- CVE-2025-49794: Nikita Sveshnikov discovered a heap use-after-free issue in the Schematron code. When processing XPath expressions in Schematron schema elements `<sch:name path="…"/>`, a pointer to freed memory is returned and then accessed, leading to undefined behavior or potential crashes.
- CVE-2025-49796: Nikita Sveshnikov discovered a type confusion issue in the Schematron code. Processing `sch:name` elements and accessing namespace information may lead to memory corruption or undefined behavior.
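The bug class behind CVE-2025-6021 can be made concrete with a small model. The block below is an added example, not libxml2's code and not the patch Debian shipped: `qname_alloc_size_unchecked()` is a hypothetical, simplified stand-in for an unchecked length computation of the kind a qualified-name builder such as `xmlBuildQName()` has to perform (the advisory does not state the real function's arithmetic), and `qname_alloc_size_checked()` / `build_qname()` show the hardened form. The 32-bit wrap and the `INT_MAX` cap are choices made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Model of the overflow class (assumption: simplified stand-in, not
 * libxml2's xmlBuildQName()). A qualified name is "prefix:ncname" plus a
 * terminating NUL, so the buffer needs lenp + lenn + 2 bytes. If that sum
 * is formed in a type narrower than the operands and handed straight to
 * the allocator, crafted lengths wrap it to a small value and the copies
 * that follow overflow the undersized heap buffer.
 */
static uint32_t qname_alloc_size_unchecked(size_t lenp, size_t lenn)
{
    /* 32-bit unsigned arithmetic wraps silently (with signed int it would
     * be undefined behaviour, which is worse, not better). */
    return (uint32_t)lenp + (uint32_t)lenn + 2u;
}

/*
 * Hardened sizing: bound each operand before adding so that no
 * intermediate expression can overflow. Returns 0 and stores the size on
 * success, -1 if the qualified name would exceed 'limit' bytes.
 */
static int qname_alloc_size_checked(size_t lenp, size_t lenn,
                                    size_t limit, size_t *out)
{
    if (limit < 2 || lenp > limit - 2 || lenn > limit - 2 - lenp)
        return -1;
    *out = lenp + lenn + 2;
    return 0;
}

/* Convenience wrapper: bytes needed under an INT_MAX cap, or 0 if rejected. */
static size_t qname_size_or_zero(size_t lenp, size_t lenn)
{
    size_t need;
    if (qname_alloc_size_checked(lenp, lenn, (size_t)INT_MAX, &need) != 0)
        return 0;
    return need;
}

/*
 * Build "prefix:ncname" in a fresh buffer using the checked sizing.
 * The caller frees the result. NULL means the size was rejected or
 * malloc failed; the copies below can never exceed the allocation.
 */
static char *build_qname(const char *prefix, const char *ncname)
{
    size_t lenp = strlen(prefix), lenn = strlen(ncname), need;
    char *ret;

    if (qname_alloc_size_checked(lenp, lenn, (size_t)INT_MAX, &need) != 0)
        return NULL;
    ret = malloc(need);
    if (ret == NULL)
        return NULL;
    memcpy(ret, prefix, lenp);
    ret[lenp] = ':';
    memcpy(ret + lenp + 1, ncname, lenn);
    ret[lenp + 1 + lenn] = '\0';
    return ret;
}

int main(void)
{
    /* Constructed lengths: a prefix of 0xFFFFFFFF bytes makes the unchecked
     * sum wrap to 1, while the checked version refuses it outright. */
    size_t huge = 0xFFFFFFFFu;
    char *q = build_qname("sch", "name");

    printf("unchecked size for huge prefix: %u\n",
           (unsigned)qname_alloc_size_unchecked(huge, 0));
    printf("checked size for huge prefix:   %zu (0 = rejected)\n",
           qname_size_or_zero(huge, 0));
    printf("checked size for sch:name:      %zu\n", qname_size_or_zero(3, 4));
    printf("built qname: %s\n", q ? q : "(null)");
    free(q);
    return 0;
}
```

Build with `cc -Wall -O2 qname.c -o qname` and run it; the first line shows the wrapped allocation size that a crafted input would produce, the second shows the hardened path rejecting the same lengths before any allocation happens.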
For Debian 10 buster, these problems have been fixed in version 2.9.4+dfsg1-7+deb10u12.
For Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u14.
We recommend that you upgrade your libxml2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.