CVE-2025-49796

Updated: 2025-08-20 03:16:28.626583

Description:

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 9.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libxml2 | 2.9.13 | 9.1 | HIGH | Released | CLSA-2025:1752747463 | 2025-07-18 02:05:51 | |
| CentOS 6 ELS | libxml2 | 2.7.6 | 9.1 | HIGH | Released | CLSA-2025:1753377886 | 2025-08-09 01:42:34 | |
| CentOS 7 ELS | libxml2 | 2.9.1 | 9.1 | HIGH | Released | CLSA-2025:1753303283 | 2025-08-05 02:11:47 | |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 9.1 | HIGH | Released | CLSA-2025:1752654760 | 2025-07-17 03:00:08 | |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 9.1 | HIGH | Released | CLSA-2025:1752655171 | 2025-07-17 03:00:07 | |
| CentOS Stream 8 ELS | libxml2 | 2.9.7 | 9.1 | HIGH | Released | CLSA-2025:1752654590 | 2025-07-17 06:42:56 | |
| CloudLinux 6 ELS | libxml2 | 2.7.6 | 9.1 | HIGH | Released | CLSA-2025:1753378254 | 2025-08-06 03:12:27 | |
| CloudLinux 7 ELS | libxml2 | 2.9.1 | 9.1 | HIGH | Released | CLSA-2025:1753303387 | 2025-08-06 03:12:27 | |
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 9.1 | HIGH | Released | CLSA-2025:1753374522 | 2025-07-25 02:06:05 | |
| Oracle Linux 7 ELS | libxml2 | 2.9.1 | 9.1 | HIGH | Released | CLSA-2025:1753298447 | 2025-07-24 01:54:19 | |
Total: 14