---

CVE-2025-49796 - log back

CVE-2025-49796 edited at 18 Jun 2025 23:15:31
Severity	- Unknown + High
Remote	- Unknown + Remote
Description	A vulnerability causing undefined behavior was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronFormatReport function when processing sch:name elements, leading to memory corruption and undefined behavior when accessing namespace information. - Vulnerable component: Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior. + Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior.

CVE-2025-49796 created at 18 Jun 2025 23:11:22
Severity	+ Unknown
Remote	+ Unknown
Type	+ Denial of service
Description	+ A vulnerability causing undefined behavior was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronFormatReport function when processing sch:name elements, leading to memory corruption and undefined behavior when accessing namespace information. + + Vulnerable component: Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior.
References	+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
Notes