Volerion logoVolerion
Volerion logoVolerion

Libxml2 NULL Pointer Dereference Vulnerability in Pattern Matching Component

Vulnerability

A NULL pointer dereference vulnerability has been identified in Libxml2 versions prior to 2.12.10 and 2.13.0 prior to 2.13.6. The issue occurs in the 'xmlPatMatch' function within 'pattern.c', where the pattern compiler incorrectly handles explicit 'child' axes, leading to a runtime error. This vulnerability can be exploited to cause a Denial of Service (DoS).

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a runtime error and potentially allowing for a Denial of Service (DoS) condition.

Reproduction

The vulnerability can be reproduced by using 'xmllint' with the '--walker' or '--stream --pattern' options, which are primarily intended for debugging. The issue arises when a pattern is applied that includes the 'child' axis, causing the pattern compiler to use 'XML_OP_CHILD' instead of the correct 'XML_OP_ELEM', resulting in a NULL pointer dereference when the pattern is matched.

Remediation

Users should upgrade to Libxml2 version 2.12.10 or 2.13.6.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
2.5
exploitability
6.0
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.