CNNVD-202509-1489 Information

CNNVD ID

CNNVD-202509-1489

Related CVE

CVE-2025-9714

• CNNVD Published: 2025-09-10

Description (Chinese)

libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成，并且能为多种语言所调用，例如C语言，C++，XSH。 libxml2 2.9.14及之前版本存在安全漏洞，该漏洞源于XPath评估中存在未控制递归，可能导致栈溢出。

Description (English)

libxml2 is a function library for the analysis of XML documents from an open source of GNOME. It is written in C and can be called in many languages, such as C, C++, XSH. There is a security loophole in libxml2 2.9.14 and earlier versions, which stems from the presence of uncontrolled regression in the XPath assessment, which could lead to spills.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

gnutls

Published

2025-09-10

Last Modified

2026-02-24

References

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

Patch

https://github.com/GNOME/libxml2/tags