libxml2 NULL Pointer Dereference Vulnerability in XPath Processing Leading to Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in libxml2. This issue arises in the xmlSchematronFormatReport function when the library processes malformed XPath expressions within Schematron schema reports. The vulnerability can be exploited by sending crafted XML input to libxml2, causing undefined behavior that may result in a crash, thereby creating a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash or become unresponsive.

Added: Jun 16, 2025, 4:20 PM
Updated: Jun 16, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.