libxml2
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the libxml2 library, specifically in the XML catalog processing feature. This issue arises when the library processes catalogs containing repeated <nextCatalog> elements that point to the same downstream catalog. A remote attacker can exploit this vulnerability by providing specially crafted XML catalogs, causing the parser to unnecessarily traverse the catalog chains multiple times. This redundant processing leads to excessive CPU usage, degrades the availability of applications using libxml2, and creates a denial-of-service condition.
Exploitation of this vulnerability causes excessive CPU consumption, degrading application performance and availability. The result is a denial-of-service condition in which legitimate users cannot access the application or experience significant delays.
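A pre-deployment check for the pattern described above, as an added example (not libxml2 code and not part of the original advisory): it reports `nextCatalog` targets that one catalog file lists more than once, after resolving relative URIs and `xml:base`. The function name, the default base URI and the sample catalog are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urljoin

# Namespace of OASIS XML Catalogs, the format libxml2's catalog feature reads.
CATALOG_NS = "urn:oasis:names:tc:entity:xmlns:xml:catalog"
NEXT_CATALOG = f"{{{CATALOG_NS}}}nextCatalog"
XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"


def repeated_next_catalogs(catalog_xml, base_uri="file:///etc/xml/catalog"):
    """Return {resolved_uri: count} for nextCatalog targets listed more than once.

    base_uri is an assumed location of the catalog file; pass the real one.
    """
    counts = Counter()

    def walk(elem, base):
        # xml:base on this element (e.g. on a <group>) changes how
        # relative catalog URIs below it are resolved.
        base = urljoin(base, elem.get(XML_BASE, ""))
        if elem.tag == NEXT_CATALOG and elem.get("catalog"):
            counts[urljoin(base, elem.get("catalog"))] += 1
        for child in elem:
            walk(child, base)

    walk(ET.fromstring(catalog_xml), base_uri)
    return {uri: n for uri, n in counts.items() if n > 1}


# Constructed sample: three spellings of the same downstream catalog.
SAMPLE = """<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <nextCatalog catalog="shared.xml"/>
  <nextCatalog catalog="./shared.xml"/>
  <group xml:base="sub/">
    <nextCatalog catalog="../shared.xml"/>
    <nextCatalog catalog="other.xml"/>
  </group>
</catalog>"""

if __name__ == "__main__":
    for uri, n in repeated_next_catalogs(SAMPLE).items():
        print(f"{uri} referenced {n} times")
```

The check covers one catalog file at a time; repeats that only appear across a chain of catalogs need the same function run on each downstream file.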