Two security issues were found in libxml2, the GNOME XML library, which could yield denial of service or heap corruption.
CVE-2025-9714
It was discovered that recursion during XPath expression evaluation is
uncontrolled, which allows a local attacker to cause a stack
overflow via crafted expressions.
CVE-2025-7425
Sergei Glazunov discovered a heap-use-after-free in xmlFreeID()
caused by `atype` corruption. While the vulnerability was reported
against libxslt, the XSLT 1.0 processing library, it is now
mitigated in this libxml2 version.
2.9.10+dfsg-6.7+deb11u9