DLA-4251-1

Details

CVE-2025-49796 Debian Bug : 1071162 1107720 1107755 1107938

Multiple security issues were found in libxml2, the GNOME XML library, which could yield to denial of service or potentially arbitrary code execution.

CVE-2024-34459

Zhineng Zhong discovered that formatting error messages with `xmllint
--htmlout` could result in a buffer over-read.

CVE-2025-6021

Ahmed Lekssays discovered an integer overflow issue in
`xmlBuildQName()` which could result in memory corruption or a
denial of service when processing crafted input.

CVE-2025-6170

Ahmed Lekssays discovered a stack-based buffer overflow issue in the
command-parsing logic of the interactive shell in xmllint.

CVE-2025-49794

Nikita Sveshnikov discovered a heap use-after-free issue in the
schematron.  When processing XPath expressions in Schematron schema
elements `&lt;sch:name path=&quot;&#x2026;&quot;/&gt;`, a pointer to freed memory is
returned and then accessed, leading to undefined behavior or
potential crashes.

CVE-2025-49796

Nikita Sveshnikov discovered a type confusion issue in the
schematron.  Processing `sch:name` elements and accessing namespace
information may lead to leading to memory corruption or undefined
behavior.

Affected Packages

libxml2

Debian 11

Fixed in:

2.9.10+dfsg-6.7+deb11u8

References

ADVISORY

https://security-tracker.debian.org/tracker/DLA-4251-1