CNNVD-202506-1901 Information

CNNVD ID

CNNVD-202506-1901

Related CVE

CVE-2025-49796

• CNNVD Published: 2025-06-16

Description (Chinese)

libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成，并且能为多种语言所调用，例如C语言，C++，XSH。 libxml2存在缓冲区错误漏洞，该漏洞源于处理特定sch:name元素时存在内存损坏问题，可能导致拒绝服务或内存敏感数据损坏。

Description (English)

libxml2 is a function library for the analysis of XML documents from an open source of GNOME. It is written in C and can be called in many languages, such as C, C++, XSH. Libxml2 has an error loophole in the buffer zone, which stems from memory damage when dealing with specific sch:name elements, which may result in denial of service or damage to memory sensitive data.

Hazard Level

Low

Vulnerability Type

缓冲区错误

Affected Vendor

GNOME

Published

2025-06-16

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://access.redhat.com/security/cve/CVE-2025-49796 https://www.oracle.com/security-alerts/cpuoct2025.html https://www.oracle.com/security-alerts/cpujan2026.html https://vigilance.fr/vulnerability/libxml2-memory-corruption-via-xmlSchematronFormatReport-47446