AI description
CVE-2025-24928 is a stack-based buffer overflow vulnerability found in the `xmlSnprintfElements` function within the libxml2 library. This vulnerability can be triggered when the library performs DTD validation on untrusted XML documents or untrusted DTDs. Libxml2 is a widely used XML C parser and toolkit developed for the GNOME project. The vulnerability was addressed in libxml2 versions 2.12.10 and 2.13.6. Exploitation requires DTD validation to be enabled and processing of untrusted XML documents or DTDs. This vulnerability is similar to a previously discovered flaw, CVE-2017-9047.
- Description: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
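The description gives two conditions for exposure: an affected libxml2 version, and DTD validation being enabled. The following triage sketch checks both; it is an added example, not code from libxml2 or from this advisory, and the function names, file paths and sample lines are constructed for illustration.

```python
import re

# Fixed releases named in the CVE description above.
FIXED_2_12 = (2, 12, 10)
FIXED_2_13 = (2, 13, 6)

# Switches that turn on DTD validation in libxml2 (C API), lxml and xmllint.
VALIDATION_MARKERS = re.compile(
    r"XML_PARSE_DTDVALID|xmlValidateDocument|xmlValidateDtd\b"
    r"|dtd_validation\s*=\s*True"
    r"|xmllint\b[^\n]*--(?:valid|dtdvalid|postvalid)\b"
)

# Constructed sample inputs: hypothetical file paths and one-line excerpts.
SAMPLE_SOURCES = {
    "ingest/parse.c": 'doc = xmlReadMemory(buf, n, "in.xml", NULL, XML_PARSE_DTDVALID);',
    "ingest/safe.c": 'doc = xmlReadMemory(buf, n, "in.xml", NULL, XML_PARSE_NONET);',
    "tools/check.py": "parser = etree.XMLParser(dtd_validation=True)",
    "ci/lint.sh": "xmllint --noout --valid upload.xml",
}

def parse_version(text):
    """Accept '2.12.9', '2.13.5-1ubuntu1' or the LIBXML_VERSION form '21209'."""
    text = str(text).strip()
    if re.fullmatch(r"\d{5,6}", text):
        n = int(text)
        return (n // 10000, (n // 100) % 100, n % 100)
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised libxml2 version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version):
    """True for upstream versions before 2.12.10, or 2.13.x before 2.13.6.

    Distribution packages may backport the fix without changing the upstream
    version number, so confirm a positive result against the vendor advisory.
    """
    v = parse_version(version)
    if v[:2] == (2, 13):
        return v < FIXED_2_13
    return v < FIXED_2_12

def exposure(version, sources):
    """sources maps path -> text. Returns (affected, paths enabling DTD validation)."""
    hits = sorted(p for p, src in sources.items() if VALIDATION_MARKERS.search(src))
    return is_affected(version), hits

if __name__ == "__main__":
    print(exposure("2.13.5-1", SAMPLE_SOURCES))
```

A file that matches only matters if the documents or DTDs it validates come from an untrusted source, which this scan cannot determine.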
CVSS 3.1
- Type: Secondary
- Base score: 7.8
- Impact score: 5.8
- Exploitability score: 1.4
- Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- Severity: HIGH
- cve@mitre.org
- CWE-121
- Hype score
- Not currently trending
🚨 Lambda Watchdog detected a new HIGH severity CVE 🚨 CVE-2025-24928 was detected in the latest AWS Lambda image scan affecting the libxml2 package in 9 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless
@LambdaWatchdog
26 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New data shows rising incidence of CVE-2025-27113 and CVE-2025-24928 vulnerabilities. Stay informed: https://t.co/tej1yYFNGt Created by AI. #Android #Cybersecurity
@Funker_Dev
12 Mar 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/bGoZT33ooK #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
25 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Multiple vulnerabilities (CVE-2024-56171 & CVE-2025-24928) in Libxml2 could lead to code execution & denial of service. Updates (2.12.10 & 2.13.6) are critical for security. 🛡️🔒 #Libxml2 #SecurityUpdate #Germany link: https://t.co/nHacQ7bODu https://t.co/jPoQPpaE2f
@TweetThreatNews
24 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Code execution vulnerabilities in Libxml2. CVE-2024-56171 and CVE-2025-24928 have a CVSS score of 7.8; the former is a use-after-free in xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables(). The latter is a stack-based buffer overflow in xmlSnprintfElements(). https://t.co/QFZqEHeXMC
@__kokumoto
24 Feb 2025
635 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Two vulnerabilities in Libxml2, CVE-2024-56171 and CVE-2025-24928, may permit code execution, posing significant risks (https://t.co/ukNicN0KUE). Developers using this library should assess exposure promptly. #cybersecurity #CVE
@adriananglin
24 Feb 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution https://t.co/4HgCAbQ9Gx
@Dinosn
24 Feb 2025
2897 Impressions
8 Retweets
35 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-24928 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an… https://t.co/wSaRtJMqge
@CVEnew
18 Feb 2025
348 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes