vulnerability
Ubuntu: USN-7302-1 (CVE-2025-24928): libxml2 vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:C/I:C/A:N) | Feb 18, 2025 | Feb 26, 2025 | Aug 18, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published
Feb 18, 2025
Added
Feb 26, 2025
Modified
Aug 18, 2025
Description
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Solution
ubuntu-pro-upgrade-libxml2
References
- CVE-2025-24928
- https://attackerkb.com/topics/CVE-2025-24928
- CWE-121
- UBUNTU-USN-7302-1
- URL-https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- URL-https://issues.oss-fuzz.com/issues/392687022
- URL-https://ubuntu.com/security/notices/USN-7302-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-24928
- URL-https://www.openwall.com/lists/oss-security/2025/02/18/2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.