CVE-2025-12863Use After Free in Azl3 Libxml2 2.11.5-7 ON Azure Linux 3.0

CWE-416Use After Free3 documents3 sources
Severity
7.5HIGH
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Xmlsoft Libxml2Msrc Azl3 Libxml2 2.11.5-7 ON Azure Linux 3.0Msrc Azl3 Libxml2 2.11.5-8 ON Azure Linux 3.0+1 more
Timeline
PublishedNov 11

Description

Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 Mariner: Mariner redhat: redhat Customer Action Required: Yes

Affected Packages4 packages

Debianxmlsoft/libxml2< 2.15.1+dfsg-0.4

🔴Vulnerability Details

2
OSV
CVE-2025-12863: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library2025-11-07
GHSA
GHSA-9fwq-22j4-xfwr: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library2025-11-07

📋Vendor Advisories

1
Microsoft
Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml22025-11-11