Out-of-bounds Write in gerph:libxml2
CVE-2025-6021
- gerph:libxml2
- libxml2
- libxml
- libxmljs
- libxml2-nodejs
- libxml2-python3
- OpenCMISS-Dependencies:libxml2
Summary
A flaw was found in libxml2's `xmlBuildQName` function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service (DoS) when processing crafted input. This issue affects libxml and libxml2 versions LIBXML2_2_5_7 through LIBXML2_2_6_30, LIBXML2_6_0 through LIBXML2.7.3, and 2.7.3 through 2.14.3.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-787 - Out-of-Bounds Write
An out-of-bounds write is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
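The flaw class named in the summary (a buffer size computed in a narrow integer type, then used to decide whether a caller-supplied buffer is large enough) is modelled below next to an overflow-checked form. This is an added example, not libxml2's source code: the function names `fits_int32_model`, `qname_size` and `join_qname`, the `+ 2` sizing (separator plus terminator) and the sample strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of "cap >= len_name + len_prefix + 2" evaluated in 32-bit int.
 * The wrap is applied by hand so this model stays well defined; in real
 * code the signed overflow itself is undefined behaviour. */
static int fits_int32_model(int32_t cap, int32_t len_name, int32_t len_prefix)
{
    int64_t need = (int64_t)len_name + len_prefix + 2;
    if (need > INT32_MAX)
        need -= 4294967296LL;        /* two's-complement wraparound */
    return cap >= need;              /* a negative need always "fits" */
}

/* Hardened size computation: 0 and *need on success, -1 on overflow. */
static int qname_size(size_t len_name, size_t len_prefix, size_t *need)
{
    if (len_name > SIZE_MAX - 2 || len_prefix > SIZE_MAX - 2 - len_name)
        return -1;
    *need = len_name + len_prefix + 2;   /* ':' separator and NUL */
    return 0;
}

/* Writes "prefix:name" into out only when it fits; returns the string
 * length, or -1 when the caller must reject or allocate instead. */
static long join_qname(char *out, size_t cap, const char *prefix, const char *name)
{
    size_t lp = strlen(prefix), ln = strlen(name), need;
    if (qname_size(ln, lp, &need) != 0 || need > cap)
        return -1;
    memcpy(out, prefix, lp);
    out[lp] = ':';
    memcpy(out + lp + 1, name, ln);
    out[lp + 1 + ln] = '\0';
    return (long)(need - 1);
}

int main(void)
{
    char buf[32];                    /* constructed sample inputs below */
    printf("int model, huge name fits 100 bytes: %d\n",
           fits_int32_model(100, INT32_MAX, 10));
    printf("checked join: %ld\n", join_qname(buf, sizeof buf, "xs", "element"));
    return 0;
}
```

The lengths are passed as numbers to the size checks so the wraparound case can be exercised without allocating gigabyte-sized strings.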