
Description

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Status: PUBLISHED | Reserved 2025-06-12 | Published 2025-06-12 | Updated 2026-05-12 | Assigner: redhat

Severity: HIGH 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

Out-of-bounds Write

Product status (one line per product entry)

Default status: unaffected; any version before 2.14.4: affected
Default status: affected; 0:2.12.5-7.el10_0 (rpm) before *: unaffected
Default status: affected; 0:2.9.1-6.el7_9.10 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-21.el8_10.1 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-21.el8_10.1 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-9.el8_2.3 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-9.el8_4.6 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-9.el8_4.6 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-13.el8_6.10 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-13.el8_6.10 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-13.el8_6.10 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-16.el8_8.9 (rpm) before *: unaffected
Default status: affected; 0:2.9.7-16.el8_8.9 (rpm) before *: unaffected
Default status: affected; 0:2.9.13-10.el9_6 (rpm) before *: unaffected
Default status: affected; 0:2.9.13-10.el9_6 (rpm) before *: unaffected
Default status: affected; 0:2.9.13-1.el9_0.5 (rpm) before *: unaffected
Default status: affected; 0:2.9.13-3.el9_2.7 (rpm) before *: unaffected
Default status: affected; 0:2.9.13-10.el9_4 (rpm) before *: unaffected
Default status: unaffected
Default status: affected; 412.86.202509030110-0 (rpm) before *: unaffected
Default status: affected; 413.92.202509030117-0 (rpm) before *: unaffected
Default status: affected; 414.92.202508041909-0 (rpm) before *: unaffected
Default status: affected; 415.92.202508192014-0 (rpm) before *: unaffected
Default status: affected; 416.94.202508050040-0 (rpm) before *: unaffected
Default status: affected; 417.94.202508141510-0 (rpm) before *: unaffected
Default status: affected; 418.94.202508060022-0 (rpm) before *: unaffected
Default status: affected; 4.19.9.6.202507230107-0 (rpm) before *: unaffected
Default status: affected; sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344 (rpm) before *: unaffected
Default status: affected; 2.15.2-0.3.hum1 (rpm) before *: unaffected
Default status: affected; sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7 (rpm) before *: unaffected
Default status: unknown

Timeline

2025-06-12: Reported to Red Hat.
2025-06-12: Made public.

Credits

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

References

gitlab.gnome.org/GNOME/libxml2/-/issues/926 exploit issue-tracking

lists.debian.org/debian-lts-announce/2025/07/msg00014.html

cert-portal.siemens.com/productcert/html/ssa-032379.html

access.redhat.com/errata/RHSA-2025:10630 (RHSA-2025:10630) vendor-advisory

access.redhat.com/errata/RHSA-2025:10698 (RHSA-2025:10698) vendor-advisory

access.redhat.com/errata/RHSA-2025:10699 (RHSA-2025:10699) vendor-advisory

access.redhat.com/errata/RHSA-2025:11580 (RHSA-2025:11580) vendor-advisory

access.redhat.com/errata/RHSA-2025:11673 (RHSA-2025:11673) vendor-advisory

access.redhat.com/errata/RHSA-2025:12098 (RHSA-2025:12098) vendor-advisory

access.redhat.com/errata/RHSA-2025:12099 (RHSA-2025:12099) vendor-advisory

access.redhat.com/errata/RHSA-2025:12199 (RHSA-2025:12199) vendor-advisory

access.redhat.com/errata/RHSA-2025:12237 (RHSA-2025:12237) vendor-advisory

access.redhat.com/errata/RHSA-2025:12239 (RHSA-2025:12239) vendor-advisory

access.redhat.com/errata/RHSA-2025:12240 (RHSA-2025:12240) vendor-advisory

access.redhat.com/errata/RHSA-2025:12241 (RHSA-2025:12241) vendor-advisory

access.redhat.com/errata/RHSA-2025:13267 (RHSA-2025:13267) vendor-advisory

access.redhat.com/errata/RHSA-2025:13289 (RHSA-2025:13289) vendor-advisory

access.redhat.com/errata/RHSA-2025:13325 (RHSA-2025:13325) vendor-advisory

access.redhat.com/errata/RHSA-2025:13335 (RHSA-2025:13335) vendor-advisory

access.redhat.com/errata/RHSA-2025:13336 (RHSA-2025:13336) vendor-advisory

access.redhat.com/errata/RHSA-2025:14059 (RHSA-2025:14059) vendor-advisory

access.redhat.com/errata/RHSA-2025:14396 (RHSA-2025:14396) vendor-advisory

access.redhat.com/errata/RHSA-2025:15308 (RHSA-2025:15308) vendor-advisory

access.redhat.com/errata/RHSA-2025:15672 (RHSA-2025:15672) vendor-advisory

access.redhat.com/errata/RHSA-2025:19020 (RHSA-2025:19020) vendor-advisory

access.redhat.com/errata/RHSA-2026:7519 (RHSA-2026:7519) vendor-advisory

access.redhat.com/security/cve/CVE-2025-6021 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2372406 (RHBZ#2372406) issue-tracking

gitlab.gnome.org/GNOME/libxml2/-/issues/926

cve.org (CVE-2025-6021)

nvd.nist.gov (CVE-2025-6021)
