NULL Pointer Dereference Vulnerability in libxml2 Affecting GNOME Products
CVE-2025-27113
2.9 LOW
What is CVE-2025-27113?
libxml2, a widely used library for parsing XML, is affected by a NULL pointer dereference issue located in the xmlPatMatch function within pattern.c. This flaw exists in versions prior to 2.12.10 and in the 2.13.x series before 2.13.6. Exploiting this vulnerability may lead to unexpected behavior or application crashes, posing a risk to software that utilizes this library.
Affected Version(s)
libxml2 0 < 2.12.10
libxml2 2.13.0 < 2.13.6
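The two affected ranges above can be checked against an installed library's version string. The following is an added example, not code from libxml2 or from this page; the function names are hypothetical, the sample inputs are constructed, and it assumes the packed integer form (major*10000 + minor*100 + micro) used by LIBXML_VERSION and printed by `xmllint --version`.

```python
import re

# Affected ranges as listed on this page: lower bound inclusive, fix exclusive.
AFFECTED = [((0, 0, 0), (2, 12, 10)), ((2, 13, 0), (2, 13, 6))]

def parse_version(raw):
    """Return (major, minor, micro) from '2.12.9', '2.13.5-1ubuntu1',
    or the packed form '21209' / '21300-GITv2.13.0'."""
    raw = str(raw).strip()
    dotted = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if dotted:
        return (int(dotted.group(1)), int(dotted.group(2)),
                int(dotted.group(3) or 0))
    packed = re.match(r"(\d{5,6})(?!\d)", raw)
    if packed:
        n = int(packed.group(1))
        return (n // 10000, n // 100 % 100, n % 100)
    raise ValueError(f"unrecognised libxml2 version: {raw!r}")

def is_affected(raw):
    """True if the version falls inside either affected range."""
    v = parse_version(raw)
    return any(low <= v < fixed for low, fixed in AFFECTED)

def from_xmllint(output):
    """Pull the version token out of `xmllint --version` output."""
    m = re.search(r"libxml version (\S+)", output)
    if not m:
        raise ValueError("no libxml version line found")
    return m.group(1)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = ["2.12.9", "2.12.10", "2.13.5-1ubuntu1", "21306",
               from_xmllint("xmllint: using libxml version 21209")]
    for s in samples:
        print(f"{s:>20}  affected={is_affected(s)}")
```

Distribution packages often backport fixes without changing the upstream version number, so a positive result here should be confirmed against the vendor's advisory for that package.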
CVSS V3.1
Score: 2.9
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
