CVE-2025-24928

HIGH7.7EPSS 0.24%

發布日:2025/2/18修改日:2025/12/3

也稱為:ALPINE-CVE-2025-24928

描述

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

受影響套件(5)

Alpine/libxml2from 0, < 2.11.8-r1
Bitnami/javafrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
Bitnami/java-minfrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
Bitnami/jrefrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
Debian/libxml2from 0, < 2.9.10+dfsg-6.7+deb11u6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.7	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(7)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2025-24928
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-24928
WEBhttps://gitlab.gnome.org/GNOME/libxml2/-/issues/847
WEBhttps://issues.oss-fuzz.com/issues/392687022
WEBhttps://lists.debian.org/debian-lts-announce/2025/02/msg00028.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-24928
WEBhttps://security.netapp.com/advisory/ntap-20250321-0006/