CVE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Open

LOW (3.8)

T
Tim Bastin detected CVE-2025-24928 with a risk of 1.87
0.9.1
System updated the risk assessment from 1.87 to 1.25
0.9.1
System recalculated raw risk assessment
System updated the risk assessment from 1.25 to 3.75
0.9.1
System recalculated raw risk assessment
System updated the risk assessment from 1.87 to 3.75
0.8.3
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2025-24928 with a risk of 3.75
0.10.1
System detected CVE-2025-24928 with a risk of 3.75
0.8.2
System detected CVE-2025-24928 with a risk of 3.75
main
T
Tim Bastin detected CVE-2025-24928 with a risk of 3.75
0.11.1
System fixed CVE-2025-24928
0.10.1
System fixed CVE-2025-24928
0.9.1
System fixed CVE-2025-24928
0.8.3
System fixed CVE-2025-24928
0.11.1
System fixed CVE-2025-24928
0.8.2
System fixed CVE-2025-24928
main
System detected CVE-2025-24928 with a risk of 3.75
0.11.1

Add a comment

Last calculated at:

Affected component

debian/libxml2

Installed version:

2.9.14

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🗄️ Devguard Postgresql
Repository

CVE-2025-24928

Add a comment

Affected component

Management decisions across the organization