Expired Pointer Dereference in bitwiseworks:libxml2-os2

CVE-2025-49795

bitwiseworks:libxml2-os2
gerph:libxml2
libxml2
libxml
libxmljs
libxml2-nodejs
libxml2-python3
OpenCMISS-Dependencies:libxml2

High

7.5/10

Summary

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a Denial of Service (DoS).

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-825 - Expired Pointer Dereference

The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

References

Advisory
Issue
Pull request
Dependent GHSA

Advisory Timeline

Published Jun 16, 2025

Expired Pointer Dereference in bitwiseworks:libxml2-os2

CVE-2025-49795

Summary

CWE-825 - Expired Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS