CVE-2025-9714
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-11-03
Assigner: Canonical Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xmlsoft | libxml2 | to 2.10.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled recursion issue in the XPath evaluation functions of libxml2 up to version 2.9.14. Specifically, certain XPath processing functions reset recursion depth incorrectly, which allows recursive calls to exceed the intended limit. This can cause a stack overflow when processing crafted XPath expressions.
How can this vulnerability impact me? :
An attacker with local access can exploit this vulnerability to cause a stack overflow, potentially leading to a denial of service (application crash) on systems using vulnerable versions of libxml2. There is no indication of confidentiality or integrity impact, but availability can be affected.