CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Description (NVD)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Analysis (AI)
Critical memory corruption vulnerability in libxml2 triggered by malicious sch:name elements in XML input files. The vulnerability affects all systems using libxml2 for XML processing, allowing unauthenticated attackers to cause denial of service or memory corruption with no user interaction required. The high CVSS score of 9.1 reflects the network-accessible, low-complexity nature of exploitation; however, actual real-world exploitation status and patch availability require verification from official libxml2 sources.
Technical Context (AI)
libxml2 is the standard XML processing library used across Linux distributions, web servers, browsers, and countless applications. The vulnerability exists in the XML Schema Definition (XSD) processor component, specifically in how it handles sch:name elements from Schematron validation rules embedded within or referenced by XML documents. CWE-125 (Out-of-bounds Read) indicates the root cause involves reading memory beyond allocated buffer boundaries during schema element parsing. This memory corruption can occur when libxml2 parses maliciously crafted sch:name element attributes or content without proper bounds checking, potentially exposing or corrupting sensitive data in adjacent memory regions. The vulnerability affects CPE entries including libxml2 across multiple versions and distributions (cpe:/a:xmlsoft:libxml2 and vendor-specific packages like cpe:/o:redhat:enterprise_linux, cpe:/o:debian:debian_linux, cpe:/o:canonical:ubuntu_linux).
Remediation (AI)
1) Update libxml2 to the patched version released by xmlsoft.org (version number pending official advisory).
2) Apply vendor-specific patches: Red Hat (RHSA advisory), Debian (DSA advisory), Ubuntu (USN advisory), and other distributions.
3) For systems unable to patch immediately: restrict XML file uploads/processing from untrusted sources, implement input validation to reject malicious sch:name elements before libxml2 processing, use XML parsing in sandboxed/isolated environments, or deploy WAF/IDS rules to detect malicious Schematron schema payloads.
4) Monitor systems for crashes or unexpected behavior from libxml2 processes.
5) Prioritize patching in production environments, particularly web-facing services.

Consult official advisories at https://gitlab.gnome.org/GNOME/libxml2 and vendor security pages.
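
To support the patching steps above, here is an added example (not from the advisory or from any vendor tooling) that checks an installed libxml2 package version against the fixed versions in the Ubuntu table on this page, using Debian package version ordering. The function names are hypothetical, and the installed version string is assumed to be read from the host's package manager.

```python
import re

# Fixed versions copied from the Ubuntu table on this page.
UBUNTU_FIXED = {
    "trusty": "2.9.1+dfsg1-3ubuntu4.13+esm8",
    "xenial": "2.9.3+dfsg1-1ubuntu0.7+esm9",
    "bionic": "2.9.4+dfsg1-6.1ubuntu1.9+esm4",
    "focal": "2.9.10+dfsg-5ubuntu0.20.04.10+esm1",
    "jammy": "2.9.13+dfsg-1ubuntu0.8",
    "noble": "2.9.14+dfsg-1.3ubuntu3.4",
    "plucky": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.2",
}
_DIGITS = re.compile(r"[0-9]*")

def _is_digit(ch):
    return "0" <= ch <= "9"          # False for the empty string (end of input)

def _order(ch):
    """Weight of a non-digit character: '~' < end/digit < letters < other symbols."""
    if ch == "~":
        return -1
    if ch == "" or _is_digit(ch):
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one version part as alternating non-digit and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        da, db = _DIGITS.match(a, i).group(), _DIGITS.match(b, j).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare_versions(a, b):
    """Negative, zero or positive when a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def has_fix(release, installed):
    """True when `installed` is at or above the fixed version for `release`."""
    return compare_versions(installed, UBUNTU_FIXED[release]) >= 0
```

A plain string or numeric-tuple comparison would misorder suffixes such as `+esm1` and `~deb12u3`, which is why the ordering rules are implemented explicitly.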
Vendor Status (Vendor)
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| oracular | ignored | end of life, was needs-triage |
| bionic | released | 2.9.4+dfsg1-6.1ubuntu1.9+esm4 |
| focal | released | 2.9.10+dfsg-5ubuntu0.20.04.10+esm1 |
| jammy | released | 2.9.13+dfsg-1ubuntu0.8 |
| noble | released | 2.9.14+dfsg-1.3ubuntu3.4 |
| plucky | released | 2.12.7+dfsg+really2.9.14-0.4ubuntu0.2 |
| trusty | released | 2.9.1+dfsg1-3ubuntu4.13+esm8 |
| upstream | released | - |
| xenial | released | 2.9.3+dfsg1-1ubuntu0.7+esm9 |
Debian
Bug #1107752

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 2.9.10+dfsg-6.7+deb11u8 | - |
| bullseye (security) | fixed | 2.9.10+dfsg-6.7+deb11u9 | - |
| bookworm | fixed | 2.9.14+dfsg-1.3~deb12u3 | - |
| bookworm (security) | fixed | 2.9.14+dfsg-1.3~deb12u4 | - |
| trixie | fixed | 2.12.7+dfsg+really2.9.14-2.1+deb13u2 | - |
| trixie (security) | fixed | 2.12.7+dfsg+really2.9.14-2.1+deb13u1 | - |
| forky, sid | fixed | 2.15.1+dfsg-2 | - |
| (unstable) | fixed | 2.12.7+dfsg+really2.9.14-2 | - |
EUVD-2025-18415