Bug 2413323 (CVE-2025-12863)
| Summary: | CVE-2025-12863 libxml2: Namespace Use-After-Free in xmlSetTreeDoc() function of libxml2 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | adudiak, caswilli, crizzo, csutherl, gtanzill, jbuscemi, jclere, jmitchel, kaycoth, kshier, pjindal, plodge, stcannon, szappis, vchlup, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2413330, 2413331, 2413332, 2413333, 2413334, 2413335, 2413336, 2413337, 2413338, 2413339, 2413340, 2413341, 2413342, 2413343, 2413344, 2413345 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-11-07 10:36:18 UTC
|