CVE-2025-49796 - log

CVE-2025-49796 edited at 18 Jun 2025 23:15:31
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Description
A vulnerability causing undefined behavior was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronFormatReport function when processing sch:name elements, leading to memory corruption and undefined behavior when accessing namespace information.
- Vulnerable component: Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior.
+ Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior.
CVE-2025-49796 created at 18 Jun 2025 23:11:22
Severity
+ Unknown
Remote
+ Unknown
Type
+ Denial of service
Description
+ A vulnerability causing undefined behavior was discovered in the Schematron in the libxml2. The issue arises in the xmlSchematronFormatReport function when processing sch:name elements, leading to memory corruption and undefined behavior when accessing namespace information.
+
+ Vulnerable component: Memory corruption occurs during namespace processing, resulting in the assignment of a corrupted pointer (0xffffffffffffffff) to node->ns. When the code attempts to access node->ns->prefix, it dereferences this invalid pointer, causing undefined behavior.
References
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
Notes