libxml2 Stack-Based Buffer Overflow Vulnerability in xmlBuildQName Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in libxml2's xmlBuildQName function. This issue arises from integer overflows in buffer size calculations, leading to unsafe memory operations. Exploitation of this vulnerability can cause memory corruption or a denial-of-service condition when the library processes specially crafted XML input.
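The bug class described above, as an added illustration that is not libxml2's code: assuming the required size is computed as a 32-bit signed int, very large input lengths wrap the sum negative and a small buffer passes the check, while a size_t calculation with range-checked additions rejects it. The names fits_wrapping, fits_checked and build_qname and the 50-byte buffer are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reinterpret a 32-bit sum as signed, i.e. the value a wrapped int holds. */
static int32_t wrap32(uint32_t u) {
    if (u <= (uint32_t)INT32_MAX) return (int32_t)u;
    return (int32_t)(u - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
}

/* Flawed pattern (assumed): "does it fit?" computed in 32-bit signed
 * arithmetic. Huge lengths wrap the sum negative, so a small buffer passes. */
static int fits_wrapping(int32_t lenn, int32_t lenp, int32_t len) {
    int32_t need = wrap32((uint32_t)lenn + (uint32_t)lenp + 2u);
    return len >= need;
}

/* Hardened pattern: size_t arithmetic with each addition range-checked. */
static int fits_checked(size_t lenn, size_t lenp, size_t len) {
    if (lenn > SIZE_MAX - lenp) return 0;      /* lenn + lenp would wrap */
    size_t sum = lenn + lenp;
    if (sum > SIZE_MAX - 2) return 0;          /* ':' and NUL would wrap */
    return len >= sum + 2;
}

/* Write "prefix:name" into buf only when the checked size fits.
 * Returns 0 on success, -1 on rejection. */
static int build_qname(const char *name, const char *prefix,
                       char *buf, size_t len) {
    if (name == NULL || prefix == NULL || buf == NULL) return -1;
    size_t lenn = strlen(name), lenp = strlen(prefix);
    if (!fits_checked(lenn, lenp, len)) return -1;
    memcpy(buf, prefix, lenp);
    buf[lenp] = ':';
    memcpy(buf + lenp + 1, name, lenn + 1);    /* copies the NUL too */
    return 0;
}

int main(void) {
    char buf[50];                              /* constructed sample buffer */
    printf("wrapping check accepts: %d\n", fits_wrapping(INT32_MAX, 1, 50));
    printf("checked check accepts:  %d\n", fits_checked(INT32_MAX, 1, 50));
    if (build_qname("item", "ns", buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```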

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, leading to memory corruption. Additionally, it can cause a denial-of-service condition by crashing the application.

Remediation

Users are advised to apply vendor-supplied patches as soon as they become available. For Red Hat products, consult the Red Hat Product Security team for guidance on applying patches.

Added: Jun 12, 2025, 1:19 PM
Updated: Jun 12, 2025, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.