CVE-2025-49795 - log

CVE-2025-49795 edited at 18 Jun 2025 23:17:16
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
A null pointer dereference vulnerability was discovered in the libxml2. The issue occurs in the xmlSchematronFormatReport function when processing incorrect XPath expressions in Schematron schema reports, leading to undefined behavior and potential crashes.
- Vulnerable component: The xmlXPathCompiledEval() function can return NULL when evaluating invalid XPath expressions, but the code immediately dereferences the returned pointer without checking for NULL.
+ The xmlXPathCompiledEval() function can return NULL when evaluating invalid XPath expressions, but the code immediately dereferences the returned pointer without checking for NULL.
CVE-2025-49795 created at 18 Jun 2025 23:10:08
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ A null pointer dereference vulnerability was discovered in the libxml2. The issue occurs in the xmlSchematronFormatReport function when processing incorrect XPath expressions in Schematron schema reports, leading to undefined behavior and potential crashes.
+
+ Vulnerable component: The xmlXPathCompiledEval() function can return NULL when evaluating invalid XPath expressions, but the code immediately dereferences the returned pointer without checking for NULL.
References
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
Notes