Vulnerability Description
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:10630
- https://access.redhat.com/errata/RHSA-2025:10698
- https://access.redhat.com/errata/RHSA-2025:10699
- https://access.redhat.com/errata/RHSA-2025:11580
- https://access.redhat.com/errata/RHSA-2025:12098
- https://access.redhat.com/errata/RHSA-2025:12099
- https://access.redhat.com/errata/RHSA-2025:12199
- https://access.redhat.com/errata/RHSA-2025:12237
- https://access.redhat.com/errata/RHSA-2025:12239
- https://access.redhat.com/errata/RHSA-2025:12240
- https://access.redhat.com/errata/RHSA-2025:12241
- https://access.redhat.com/errata/RHSA-2025:13267
- https://access.redhat.com/errata/RHSA-2025:13335
- https://access.redhat.com/errata/RHSA-2025:15397
- https://access.redhat.com/errata/RHSA-2025:15827
FAQ
What is CVE-2025-49796?
CVE-2025-49796 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input fi...
How severe is CVE-2025-49796?
CVE-2025-49796 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-49796?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.