Primary

Context

libxmljs Segmentation Fault Vulnerability in XML Parsing Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in libxmljs version 1.0.11. When the library parses a specially crafted XML document, accessing the internal _ref property on entity_ref and entity_decl nodes leads to a segmentation fault. This issue crashes the application and could potentially allow for data leakage if further memory corruption can be achieved.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the application. There is also a potential for data leakage if it leads to further memory corruption.

Reproduction

The vulnerability can be reproduced by creating a JavaScript file that requires the libxmljs library and parses an XML document containing a DOCTYPE declaration with an entity reference. After parsing the document, the _ref property can be accessed on the entity_ref or entity_decl nodes, which will cause a segmentation fault and crash the application.

Added: Dec 26, 2025, 3:23 PM

Updated: Dec 26, 2025, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libxmljs Segmentation Fault Vulnerability in XML Parsing Leading to Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

libxmljs

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating