CVE-2025-49796

Source
Severity High
Remote Yes
Type Denial of service
Description
A vulnerability causing undefined behavior was discovered in the Schematron component of libxml2. The issue arises in the xmlSchematronFormatReport function when processing sch:name elements, leading to memory corruption and undefined behavior when accessing namespace information.

Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior.
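| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-2898 | libxml2 | 2.14.4-1 | | High | Vulnerable | |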
References
https://gitlab.gnome.org/GNOME/libxml2/-/issues/933