CVE-2025-49796
BaseFortify
Publication date: 2025-06-16
Last updated on: 2026-04-19
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in libxml2 involves a type confusion flaw triggered by processing certain sch:name elements in an XML input file. An attacker can craft a malicious XML file that causes memory corruption, leading libxml2 to crash. This results in a denial of service or other undefined behaviors due to corrupted sensitive data in memory. [1]
How can this vulnerability impact me? :
The vulnerability can cause applications that rely on libxml2 for XML parsing to crash, resulting in a denial of service. This can disrupt services on Linux systems and potentially cause undefined behavior due to memory corruption, which might affect the stability and reliability of affected applications. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no fixed version or patch has been indicated yet, immediate mitigation steps include avoiding processing untrusted or malicious XML input files with libxml2, monitoring applications that use libxml2 for crashes or unusual behavior, and applying any available workarounds or updates from your Linux distribution's security team once released. [1]