CVE-2025-49794

Source
Severity: High
Remote: Yes
Type: Denial of service
Description
A heap use-after-free (UAF) vulnerability was discovered in the Schematron component of libxml2. The issue arises in the xmlSchematronGetNode function when processing XPath expressions in Schematron schema elements <sch:name path="..."/>, where a pointer to freed memory is returned and then accessed, leading to undefined behavior and potential crashes.

The xmlSchematronGetNode function extracts a pointer to a node from an XPath node set and then immediately frees the entire XPath object containing that node set, rendering the returned pointer invalid.
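
A simplified model of the pattern described above, added here as an illustration: it is not libxml2 code, and Result, Node, eval_path, get_node_dangling and get_node_name are hypothetical names. It sets the dangling return beside a form that copies what the caller needs before the result object is freed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins (not libxml2 types): a result that owns its node set. */
typedef struct { char name[32]; } Node;
typedef struct { Node **nodes; int count; } Result;

static Result *eval_path(const char *path) {      /* constructed "evaluation" */
    Result *r = calloc(1, sizeof *r);
    if (r == NULL || path[0] == '\0') return r;   /* empty path: no match */
    r->nodes = calloc(1, sizeof *r->nodes);
    Node *n = calloc(1, sizeof *n);
    if (r->nodes == NULL || n == NULL) { free(n); return r; }
    snprintf(n->name, sizeof n->name, "%s", path);
    r->nodes[0] = n;
    r->count = 1;
    return r;
}

static void free_result(Result *r) {
    if (r == NULL) return;
    for (int i = 0; i < r->count; i++) free(r->nodes[i]);
    free(r->nodes);
    free(r);
}

/* Pattern from the description: the pointer is taken out of the node set and
 * the whole result is freed before returning. Comparison only, never called. */
Node *get_node_dangling(const char *path) {
    Result *r = eval_path(path);
    Node *n = (r != NULL && r->count > 0) ? r->nodes[0] : NULL;
    free_result(r);
    return n;                                     /* refers to freed memory */
}

/* Hardened form: copy the needed data while the result is still alive. */
int get_node_name(const char *path, char *out, size_t outlen) {
    Result *r = eval_path(path);
    int ok = 0;
    if (r != NULL && r->count > 0 && outlen > 0) {
        snprintf(out, outlen, "%s", r->nodes[0]->name);
        ok = 1;
    }
    free_result(r);
    return ok;
}

int main(void) {
    char buf[32];
    return get_node_name("title", buf, sizeof buf) ? 0 : 1;
}
```

Building the dangling variant into a test harness with AddressSanitizer (`-fsanitize=address`) and dereferencing its return value reports a heap-use-after-free, which is how this class of defect is usually caught before release.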
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2898 | libxml2 | 2.14.4-1 | | High | Vulnerable | |
References
https://gitlab.gnome.org/GNOME/libxml2/-/issues/931