libxml2 Heap Use-After-Free Vulnerability in XPath Processing

Vulnerability

A use-after-free vulnerability has been identified in libxml2, specifically within the Schematron processing of XPath elements. The issue arises in the 'xmlSchematronGetNode' function when handling 'sch:name' schema elements. A malicious actor can craft an XML document that, when parsed by libxml2, leads to a program crash or other undefined behavior.

Impact

Exploitation of this vulnerability causes a program crash or other undefined behavior.

Added: Jun 16, 2025, 4:22 PM
Updated: Jun 16, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.