CVE-2025-27113: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

24 ranges

Vendor	Product	Version range	Fixed in
apple	ios_18.4_and_ipados	—	—
apple	ipados	—	—
apple	macos_sequoia	—	—
apple	macos_sonoma	—	—
apple	macos_ventura	—	—
apple	tvos	—	—
apple	visionos	—	—
apple	watchos	—	—
debian	libxml2	< libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)	libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)
msrc	azl3_libxml2_2.11.5-4_on_azure_linux_3.0	—	—
msrc	azl3_libxml2_2.11.5-5_on_azure_linux_3.0	—	—
msrc	cbl2_libxml2_2.10.4-6_on_cbl_mariner_2.0	—	—
xmlsoft	libxml2	< 2.12.10	2.12.10
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.7+deb11u6	2.9.10+dfsg-6.7+deb11u6
xmlsoft	libxml2	>= 0 < 2.9.14+dfsg-1.3~deb12u2	2.9.14+dfsg-1.3~deb12u2
xmlsoft	libxml2	>= 0 < 2.12.7+dfsg+really2.9.14-0.4	2.12.7+dfsg+really2.9.14-0.4
xmlsoft	libxml2	>= 0 < 2.12.7+dfsg+really2.9.14-0.4	2.12.7+dfsg+really2.9.14-0.4
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-5ubuntu0.20.04.9	2.9.10+dfsg-5ubuntu0.20.04.9
xmlsoft	libxml2	>= 0 < 2.9.13+dfsg-1ubuntu0.6	2.9.13+dfsg-1ubuntu0.6
xmlsoft	libxml2	>= 0 < 2.9.14+dfsg-1.3ubuntu3.2	2.9.14+dfsg-1.3ubuntu3.2
xmlsoft	libxml2	>= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm7	2.9.1+dfsg1-3ubuntu4.13+esm7
xmlsoft	libxml2	>= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm7	2.9.3+dfsg1-1ubuntu0.7+esm7
xmlsoft	libxml2	>= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm2	2.9.4+dfsg1-6.1ubuntu1.9+esm2
xmlsoft	libxml2	>= 2.13.0 < 2.13.6	2.13.6

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.8HIGH