CVE-2025-49794 - log

CVE-2025-49794 edited at 18 Jun 2025 23:19:25
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
A Heap Use After Free (UAF) vulnerability was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronGetNode function when processing XPath expressions in Schematron schema elements <sch:name path="..."/>, where a pointer to freed memory is returned and then accessed, leading to undefined behavior and potential crashes.
- Vulnerable component: The xmlSchematronGetNode function extracts a pointer to a node from an XPath node set and then immediately frees the entire XPath object containing that node set, rendering the returned pointer invalid.
+ The xmlSchematronGetNode function extracts a pointer to a node from an XPath node set and then immediately frees the entire XPath object containing that node set, rendering the returned pointer invalid.
CVE-2025-49794 edited at 18 Jun 2025 23:07:10
Description
A Heap Use After Free (UAF) vulnerability was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronGetNode function when processing XPath expressions in Schematron schema elements <sch:name path="..."/>, where a pointer to freed memory is returned and then accessed, leading to undefined behavior and potential crashes.
+
+ Vulnerable component: The xmlSchematronGetNode function extracts a pointer to a node from an XPath node set and then immediately frees the entire XPath object containing that node set, rendering the returned pointer invalid.
CVE-2025-49794 created at 18 Jun 2025 23:06:02
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ A Heap Use After Free (UAF) vulnerability was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronGetNode function when processing XPath expressions in Schematron schema elements <sch:name path="..."/>, where a pointer to freed memory is returned and then accessed, leading to undefined behavior and potential crashes.
References
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
Notes