CVE-2025-24928

Published Feb 18, 2025

Last updated 4 days ago

CVSS high 7.8

Overview

Description
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.8
Exploitability score
1.4
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-121

Social media

Hype score
Not currently trending

  1. CVE-2025-24928 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an… https://t.co/wSaRtJMqge

    @CVEnew

    18 Feb 2025

    348 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References