CVE-2025-24928: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur…

high7.7CVSS 3.1

AVLACLPRNUINSUCHIHAN

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
debian	libxml2	< libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)	libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)
msrc	azl3_libxml2_2.11.5-4_on_azure_linux_3.0	—	—
msrc	azl3_libxml2_2.11.5-5_on_azure_linux_3.0	—	—
msrc	cbl2_libxml2_2.10.4-6_on_cbl_mariner_2.0	—	—
netapp	ontap	—	—
nokogiri	nokogiri	>= 0 < 1.18.3	1.18.3
xmlsoft	libxml2	< 2.12.10	2.12.10
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.7+deb11u6	2.9.10+dfsg-6.7+deb11u6
xmlsoft	libxml2	>= 0 < 2.9.14+dfsg-1.3~deb12u2	2.9.14+dfsg-1.3~deb12u2
xmlsoft	libxml2	>= 0 < 2.12.7+dfsg+really2.9.14-0.4	2.12.7+dfsg+really2.9.14-0.4
xmlsoft	libxml2	>= 0 < 2.12.7+dfsg+really2.9.14-0.4	2.12.7+dfsg+really2.9.14-0.4
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-5ubuntu0.20.04.9	2.9.10+dfsg-5ubuntu0.20.04.9
xmlsoft	libxml2	>= 0 < 2.9.13+dfsg-1ubuntu0.6	2.9.13+dfsg-1ubuntu0.6
xmlsoft	libxml2	>= 0 < 2.9.14+dfsg-1.3ubuntu3.2	2.9.14+dfsg-1.3ubuntu3.2
xmlsoft	libxml2	>= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm7	2.9.1+dfsg1-3ubuntu4.13+esm7
xmlsoft	libxml2	>= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm7	2.9.3+dfsg1-1ubuntu0.7+esm7
xmlsoft	libxml2	>= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm2	2.9.4+dfsg1-6.1ubuntu1.9+esm2
xmlsoft	libxml2	>= 2.13.0 < 2.13.6	2.13.6

CVSS provenance

nvdv3.17.7HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ghsa9.8CRITICAL

osv9.8CRITICAL