CVE Details
Basic Information
| Title | Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2 |
|---|---|
| Type | cve |
| Published | 2025-06-12T12:49:16.157Z |
| Last Seen |
Product Information
| Vendor | Red Hat |
|---|---|
| Product | Red Hat Enterprise Linux 10 |
| Version |
CVSS Information
| Base Score | 7.5 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A flaw in libxml2’s xmlBuildQName function allows integer overflows in buffer size calculations, leading to a stack-based buffer overflow. This can cause memory corruption or denial of service when processing crafted input. |
|---|---|
| AI Severity | High |
| Vendor | GNOME |
| Product | libxml2 |
| Affected Version |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-121 |
| Bulletin Family |
References
Description
A flaw was found in libxml2’s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.