CVE-2025-8732
BaseFortify
Publication date: 2025-08-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libxml2 | 2.14.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in libxml2 up to version 2.14.5, specifically in the xmlParseSGMLCatalog function of the xmlcatalog component. It involves uncontrolled recursion caused by manipulating SGML catalogs. Exploiting this vulnerability requires local access and untrusted SGML catalogs, which are rarely used. The maintainer doubts the practical impact since using untrusted SGML catalogs is not sensible and likely uncommon.
How can this vulnerability impact me? :
The vulnerability can lead to uncontrolled recursion when processing SGML catalogs locally, potentially causing a denial of service or resource exhaustion. However, since exploitation requires local access and untrusted SGML catalogs, and the use of such catalogs is uncommon, the practical impact is likely limited.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability requires local attack and involves untrusted SGML catalogs, immediate mitigation steps include avoiding the use of untrusted SGML catalogs and not using SGML catalogs at all, as recommended by the code maintainer. Additionally, ensure that libxml2 is updated beyond version 2.14.5 if a fix becomes available.