NULL Pointer Dereference Vulnerability in libxml2 Affecting GNOME Products
CVE-2025-27113

7.5HIGH

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 18 February 2025

What is CVE-2025-27113?

libxml2, a widely used library for parsing XML, is affected by a NULL pointer dereference issue located in the xmlPatMatch function within pattern.c. This flaw exists in versions prior to 2.12.10 and in the 2.13.x series before 2.13.6. Exploiting this vulnerability may lead to unexpected behavior or application crashes, posing a risk to software that utilizes this library.

Affected Version(s)

libxml2 0 < 2.12.10

libxml2 2.13.0 < 2.13.6

References

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Feb 18, 2025

Xmlsoft

What is CVE-2025-27113?

Affected Version(s)

References

CVSS V3.1

Timeline