CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution

Summary: Libxml2, a widely used XML parsing library, has multiple vulnerabilities (CVE-2024-56171, CVE-2025-24928, CVE-2025-27113) that could lead to denial of service and arbitrary code execution. These vulnerabilities have been addressed in recent releases (2.12.10 and 2.13.6), and users are advised to update immediately. Failure to update may leave systems exposed to significant security risks.

Affected: Libxml2 users and systems utilizing the library

Key points:

  • CVE-2024-56171: Use-after-free vulnerability with a CVSS score of 7.8, exploitable via specially crafted XML documents.
  • CVE-2025-24928: Stack-based buffer overflow vulnerability (CVSS 7.8) that can be triggered during DTD validation.
  • CVE-2025-27113: NULL pointer dereference vulnerability (CVSS 2.9) that can occur with specific usage of the Perl module XML::LibXML::Reader.
  • Users are advised to update to libxml2 version 2.12.10 or 2.13.6 to mitigate these risks.
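Since the only mitigation the advisory gives is updating to 2.12.10 or 2.13.6, a defender's first job is to find out which libxml2 is actually installed. The script below is an added example, not code from the advisory or from the libxml2 project: it reads the version string that `xmllint --version` prints (libxml2 reports it in the numeric form MMmmpp, e.g. 21305 for 2.13.5, which the parser also accepts in dotted form) and compares it against the fixed releases named above. Two assumptions are not stated on the page: branches newer than 2.13 are treated as fixed, and branches older than 2.12 as not fixed.

```python
"""Compare an installed libxml2 version against the fixed releases named in the advisory."""
import re
import shutil
import subprocess

# Fixed releases from the advisory: 2.12.10 on the 2.12 branch, 2.13.6 on the 2.13 branch.
FIXED = {(2, 12): (2, 12, 10), (2, 13): (2, 13, 6)}


def parse_version(text):
    """Return (major, minor, patch) from a dotted string such as '2.13.5' or from
    the numeric form xmllint prints ('using libxml version 21305'); None if neither."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if m:
        return tuple(int(x) for x in m.groups())
    # Numeric form is major*10000 + minor*100 + patch, e.g. 21305 -> 2.13.5
    m = re.search(r"libxml version (\d{5})", text)
    if m:
        n = int(m.group(1))
        return (n // 10000, (n // 100) % 100, n % 100)
    return None


def is_fixed(version):
    """True if `version` is at or above the fixed release for its branch.
    Assumption (not from the advisory): branches after 2.13 are fixed, before 2.12 are not."""
    major, minor, _patch = version
    branch = (major, minor)
    if branch in FIXED:
        return version >= FIXED[branch]
    return branch > (2, 13)


def assess(version_text):
    """Classify a version string as 'fixed', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return ("unknown", None)
    return ("fixed" if is_fixed(version) else "vulnerable", version)


def installed_version_text():
    """Collect the output of the local `xmllint --version`; None if xmllint is absent."""
    exe = shutil.which("xmllint")
    if exe is None:
        return None
    proc = subprocess.run([exe, "--version"], capture_output=True, text=True)
    # xmllint writes the version line to stderr, so read both streams
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    text = installed_version_text()
    if text is None:
        print("xmllint not found; query the package manager for the libxml2 version instead")
    else:
        status, version = assess(text)
        print(f"libxml2 {version}: {status}")
```

Note that the check only covers the copy of libxml2 that `xmllint` is linked against; applications that bundle their own copy of the library (language runtimes, browsers, container images) must be inventoried separately.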

Source: https://securityonline.info/cve-2024-56171-cve-2025-24928-libxml2-flaws-could-lead-to-code-execution/