2372379 – (CVE-2025-49795) CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)

Bug 2372379 (CVE-2025-49795) - CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)

Summary: CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)

Keywords:
Status:	NEW
Alias:	CVE-2025-49795
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2372380 2372381 2372382 2372383 2372384
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-12 00:33 UTC by OSIDB Bzimport
Modified:	2025-10-27 17:46 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:10630	0	None	None	None	2025-07-08 21:09:54 UTC
Red Hat Product Errata	RHSA-2025:19020	0	None	None	None	2025-10-27 17:46:31 UTC

Description OSIDB Bzimport 2025-06-12 00:33:46 UTC

A null pointer dereference vulnerability was discovered in the libxml2. The issue occurs in the xmlSchematronFormatReport function when processing incorrect XPath expressions in Schematron schema reports, leading to undefined behavior and potential crashes.

Comment 2 errata-xmlrpc 2025-07-08 21:09:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:10630 https://access.redhat.com/errata/RHSA-2025:10630

Comment 3 errata-xmlrpc 2025-10-27 17:46:29 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Core Services 2.4.62.SP2

Via RHSA-2025:19020 https://access.redhat.com/errata/RHSA-2025:19020

Note You need to log in before you can comment on or make changes to this bug.