
Debian 11: DLA-4251-1 libxml2 Important Denial of Service Risk

Debian LTS
July 26, 2025
Significant vulnerabilities detected in libxml2 could result in DoS and possible code execution risks. Update immediately to safeguard your environment.
Multiple security issues were found in libxml2, the GNOME XML library, which could result in denial of service or potentially arbitrary code execution.

Summary

CVE-2024-34459

Zhineng Zhong discovered that formatting error messages with `xmllint
--htmlout` could result in a buffer over-read.

CVE-2025-6021

Ahmed Lekssays discovered an integer overflow issue in
`xmlBuildQName()` which could result in memory corruption or a
denial of service when processing crafted input.

CVE-2025-6170

Ahmed Lekssays discovered a stack-based buffer overflow issue in the
command-parsing logic of the interactive shell in xmllint.

CVE-2025-49794

Nikita Sveshnikov discovered a heap use-after-free issue in the
schematron. When processing XPath expressions in Schematron schema
elements, a pointer to freed memory is returned and then accessed,
leading to undefined behavior or potential crashes.

CVE-2025-49796

Nikita Sveshnikov discovered a type confusion issue in the
schematron. Processing `sch:name` elements and accessing namespace
information may lead to memory corruption or undefined behavior.

Severity: important

Package: libxml2
Version: 2.9.10+dfsg-6.7+deb11u8
CVE ID: CVE-2024-34459 CVE-2025-6021 CVE-2025-6170 CVE-2025-49794
Debian Bug: 1071162 1107720 1107755 1107938
