
Mageia 9: libxml2 Critical DoS Vulnerabilities MGASA-2025-0269

Mageia, November 9, 2025
Mageia security advisory: updated libxml2 and libxslt packages fix multiple critical DoS vulnerabilities.
MGASA-2025-0269 - Updated libxml2 & libxslt packages fix security vulnerabilities

Summary

Description:

- Heap use after free (UAF) leads to Denial of service (DoS). (CVE-2025-49794)

- Null pointer dereference leads to Denial of service (DoS). (CVE-2025-49795)

- Type confusion leads to Denial of service (DoS). (CVE-2025-49796)

- Integer Overflow Leading to Buffer Overflow in xmlBuildQName(). (CVE-2025-6021)

- Stack-based Buffer Overflow in xmllint Shell. (CVE-2025-6170)

- Type confusion in xmlNode.psvi between stylesheet and source nodes. (CVE-2025-7424)

- Heap-use-after-free in xmlFreeID caused by `atype` corruption. (CVE-2025-7425)

References

- https://bugs.mageia.org/show_bug.cgi?id=34378

- https://www.openwall.com/lists/oss-security/2025/06/16/6

- https://www.openwall.com/lists/oss-security/2025/07/11/2

- https://www.cve.org/CVERecord?id=CVE-2025-49794

- https://www.cve.org/CVERecord?id=CVE-2025-49795

- https://www.cve.org/CVERecord?id=CVE-2025-49796

- https://www.cve.org/CVERecord?id=CVE-2025-6021

- https://www.cve.org/CVERecord?id=CVE-2025-6170

- https://www.cve.org/CVERecord?id=CVE-2025-7424

- https://www.cve.org/CVERecord?id=CVE-2025-7425

Resolution

SRPMS

- 9/core/libxml2-2.10.4-1.8.mga9

- 9/core/libxslt-1.1.38-1.2.mga9

Severity
critical

Publication date: 09 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0269.html
Type: security
CVE: CVE-2025-49794, CVE-2025-49795, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7424, CVE-2025-7425
