libxml2 Uncontrolled Recursion Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in libxml2, an XML parsing library. This issue arises from uncontrolled recursion in the xmlCatalogXMLResolveURI function, specifically when an XML catalog includes a delegate URI entry that references itself. A remote attacker could exploit this vulnerability by supplying a specially crafted XML catalog, causing infinite recursion and exhaustion of the call stack. The result is a segmentation fault that crashes affected applications.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition by causing applications to crash. Additionally, the uncontrolled recursion can exhaust system resources, such as CPU and memory, before the application fails.
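The following is an added illustration, not libxml2 code and not the project's actual fix: a toy C resolver over a handful of constructed catalog entries, modelled on the OASIS XML catalog delegateURI element (uriStartString / catalog attributes), that bounds delegation depth and tracks the catalogs already on the current resolution path. With those two guards, the self-referencing delegate described above, and more generally any ring of catalogs delegating to each other, is reported as an error to the caller rather than recursing until the stack is exhausted. Every identifier here (resolve_uri, RES_LOOP, the sample catalog names and URIs) is made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of XML catalog resolution with a recursion guard. Constructed
 * for illustration: these structures are not libxml2's, and the guard is a
 * generic depth bound plus cycle check, not libxml2's own remediation. */

#define MAX_ENTRIES 4
#define MAX_CATALOGS 5
#define MAX_DEPTH 16   /* hard bound on delegation hops, independent of cycles */

typedef enum { ENTRY_REWRITE, ENTRY_DELEGATE } entry_kind;

typedef struct {
    entry_kind kind;
    const char *prefix;   /* uriStartString to match */
    const char *target;   /* rewrite prefix, or name of the delegate catalog */
} entry;

typedef struct { const char *name; int count; entry entries[MAX_ENTRIES]; } catalog;
typedef struct { int count; catalog cats[MAX_CATALOGS]; } catalog_set;

/* Outcome codes returned to the caller instead of crashing. */
enum { RES_OK = 0, RES_NOT_FOUND = 1, RES_LOOP = 2, RES_TOO_DEEP = 3 };

static const catalog *find_catalog(const catalog_set *set, const char *name)
{
    for (int i = 0; i < set->count; i++)
        if (strcmp(set->cats[i].name, name) == 0)
            return &set->cats[i];
    return NULL;
}

static int resolve_rec(const catalog_set *set, const char *cat_name, const char *uri,
                       const char **visited, int depth, char *out, size_t outlen)
{
    /* Guard 1: absolute depth bound, so even a long non-repeating chain of
     * delegates cannot push the recursion past a known stack budget. */
    if (depth >= MAX_DEPTH)
        return RES_TOO_DEEP;
    /* Guard 2: cycle detection; a catalog already on the current path is a
     * loop (a delegate naming its own catalog is the one-catalog case). */
    for (int i = 0; i < depth; i++)
        if (strcmp(visited[i], cat_name) == 0)
            return RES_LOOP;
    visited[depth] = cat_name;

    const catalog *cat = find_catalog(set, cat_name);
    if (cat == NULL)
        return RES_NOT_FOUND;

    for (int i = 0; i < cat->count; i++) {
        const entry *e = &cat->entries[i];
        size_t plen = strlen(e->prefix);
        if (strncmp(uri, e->prefix, plen) != 0)
            continue;
        if (e->kind == ENTRY_REWRITE) {
            snprintf(out, outlen, "%s%s", e->target, uri + plen);
            return RES_OK;
        }
        return resolve_rec(set, e->target, uri, visited, depth + 1, out, outlen);
    }
    return RES_NOT_FOUND;
}

int resolve_uri(const catalog_set *set, const char *root, const char *uri,
                char *out, size_t outlen)
{
    const char *visited[MAX_DEPTH];
    return resolve_rec(set, root, uri, visited, 0, out, outlen);
}

/* Constructed sample: a healthy delegate chain, a self-referencing delegate
 * (the shape named in the advisory) and a two-catalog ring. */
static const catalog_set sample = {
    .count = 5,
    .cats = {
        { "root", 3, {
            { ENTRY_DELEGATE, "http://example.org/schemas/", "schemas" },
            { ENTRY_DELEGATE, "http://example.org/loop/",    "loop" },
            { ENTRY_DELEGATE, "http://example.org/ring/",    "ping" } } },
        { "schemas", 1, { { ENTRY_REWRITE,  "http://example.org/schemas/", "file:///usr/share/xml/" } } },
        { "loop",    1, { { ENTRY_DELEGATE, "http://example.org/loop/",    "loop" } } },
        { "ping",    1, { { ENTRY_DELEGATE, "http://example.org/ring/",    "pong" } } },
        { "pong",    1, { { ENTRY_DELEGATE, "http://example.org/ring/",    "ping" } } },
    },
};

/* Wrappers over the sample set so results can be checked by value. */
int resolve_sample_code(const char *uri)
{
    char buf[256];
    return resolve_uri(&sample, "root", uri, buf, sizeof buf);
}

const char *resolve_sample_str(const char *uri)
{
    static char buf[256];
    return resolve_uri(&sample, "root", uri, buf, sizeof buf) == RES_OK ? buf : NULL;
}

int main(void)
{
    const char *uris[] = { "http://example.org/schemas/a.xsd", "http://example.org/loop/x.xml",
                           "http://example.org/ring/y.xml",    "http://other.example/z.xml" };
    for (size_t i = 0; i < sizeof uris / sizeof uris[0]; i++) {
        const char *s = resolve_sample_str(uris[i]);
        printf("%-34s -> code %d %s\n", uris[i], resolve_sample_code(uris[i]), s ? s : "");
    }
    return 0;
}
```

The depth bound and the visited-path check are complementary: the cycle check catches the self-reference and rings with an exact diagnosis, while the depth bound keeps a very long but acyclic delegation chain from consuming unbounded stack. A resolver that returns a distinct error code for each case also gives operators something to log and alert on when a hostile catalog is fed to the parser.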

Added: Jan 15, 2026, 3:18 PM
Updated: Jan 15, 2026, 3:18 PM

Vulnerability Rating

Custom Algorithm

  spread          7.8
  impact          2.5
  exploitability  4.7
  remediation     0.0
  relevance       2.0
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.