CVE-2025-27113
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
18/02/2025
Last modified:
03/11/2025
Description
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Impact
Base Score 3.x
2.90
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | 2.12.10 (excluding) | |
| cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | 2.13.0 (including) | 2.13.6 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/11
- http://seclists.org/fulldisclosure/2025/Apr/12
- http://seclists.org/fulldisclosure/2025/Apr/13
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/5
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9
- https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html
- https://security.netapp.com/advisory/ntap-20250306-0004/