Subject: [ASA-202506-7] libxml2: denial of service

Arch Linux Security Advisory ASA-202506-7
=========================================

Severity: High
Date    : 2025-06-18
CVE-ID  : CVE-2025-6021
Package : libxml2
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2899

Summary
=======

The package libxml2 before version 2.14.4-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 2.14.4-1.

# pacman -Syu "libxml2>=2.14.4-1"

The problem has been fixed upstream in version 2.14.4.

Workaround
==========

None.

Description
===========

The xmlBuildQName function in tree.c is vulnerable to an integer overflow
when calculating the required buffer size for concatenating a prefix and a
local name (ncname). The lengths of ncname and prefix are retrieved using
strlen (which returns size_t) but are then implicitly cast to int variables
lenn and lenp.

Impact
======

A remote attacker can cause a denial of service by triggering an integer
overflow in the xmlBuildQName function.

References
==========

https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad346c9a249c4b380bf73c460ad3e81135c5d781
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4
https://security.archlinux.org/CVE-2025-6021
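The bug class in the Description section (size_t lengths from strlen narrowed to int before the buffer size is summed), shown as an added illustration that is not libxml2's code or the upstream fix: the naive sizing beside a checked version that rejects over-long inputs and guards the addition. Function names and the "prefix:ncname" layout are assumed for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative code, not libxml2's. A "prefix:ncname" buffer needs
 * lenp + 1 (':') + lenn + 1 (NUL) bytes; the defect is narrowing the
 * size_t lengths to int before that sum is formed. */

/* Unsafe pattern: strlen() results narrowed to int, then summed. The sum is
 * done in long long so this demo has no signed overflow itself; the value
 * is still wrong once a length exceeds INT_MAX. */
long long naive_qname_size(size_t lenp, size_t lenn)
{
    int ilenp = (int)lenp; /* lengths above INT_MAX cannot survive this */
    int ilenn = (int)lenn;
    return (long long)ilenp + ilenn + 2;
}

/* Hardened pattern: refuse lengths that do not fit an int and check the
 * addition against SIZE_MAX before anything is allocated. */
bool checked_qname_size(size_t lenp, size_t lenn, size_t *out)
{
    if (lenp > INT_MAX || lenn > INT_MAX)
        return false;
    if (lenn > SIZE_MAX - 2 - lenp) /* lenp + lenn + 2 would wrap size_t */
        return false;
    *out = lenp + lenn + 2;
    return true;
}

/* Build "prefix:ncname" with the checked size; on overflow the caller gets
 * NULL rather than an undersized heap buffer. Caller frees the result. */
char *build_qname_checked(const char *prefix, const char *ncname)
{
    size_t lenp = strlen(prefix), lenn = strlen(ncname), need;
    if (!checked_qname_size(lenp, lenn, &need))
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, prefix, lenp);
    buf[lenp] = ':';
    memcpy(buf + lenp + 1, ncname, lenn + 1);
    return buf;
}
```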