CVE-2025-6021 - log

CVE-2025-6021 edited at 18 Jun 2025 23:43:02
References
https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad346c9a249c4b380bf73c460ad3e81135c5d781
+ https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4
CVE-2025-6021 edited at 18 Jun 2025 23:40:43
Remote
- Unknown
+ Remote
CVE-2025-6021 created at 18 Jun 2025 23:39:05
Severity
+ High
Remote
+ Unknown
Type
+ Denial of service
Description
+ The xmlBuildQName function in tree.c is vulnerable to an integer overflow when calculating the required buffer size for concatenating a prefix and a local name (ncname). The lengths of ncname and prefix are retrieved using strlen (which returns size_t) but are then implicitly cast to int variables lenn and lenp.
References
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
+ https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad346c9a249c4b380bf73c460ad3e81135c5d781
Notes