Home

Description

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

PUBLISHED Reserved 2025-06-16 | Published 2025-06-16 | Updated 2026-06-25 | Assigner redhat




LOW: 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem types

Stack-based Buffer Overflow

Product status

Default status
unaffected

Any version before 2.14.5
affected

Default status
affected

2.15.2-0.3.hum1 (rpm) before *
unaffected

Default status
affected

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-06-16:Reported to Red Hat.
2025-06-16:Made public.

Credits

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

References

lists.debian.org/debian-lts-announce/2025/07/msg00014.html

cert-portal.siemens.com/productcert/html/ssa-253495.html

access.redhat.com/errata/RHSA-2026:7519 (RHSA-2026:7519) vendor-advisory

access.redhat.com/security/cve/CVE-2025-6170 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2372952 (RHBZ#2372952) issue-tracking

gitlab.gnome.org/GNOME/libxml2/-/issues/941

cve.org (CVE-2025-6170)

nvd.nist.gov (CVE-2025-6170)

Download JSON