2372406 – (CVE-2025-6021) CVE-2025-6021 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

Bug 2372406 (CVE-2025-6021) - CVE-2025-6021 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

Summary: CVE-2025-6021 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buf...

Keywords:
Status:	NEW
Alias:	CVE-2025-6021
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2372411 2372412 2372413 2372414 2372415 2372416 2372417 2372418 2372419 2372420 2372421 2372422
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-12 07:58 UTC by OSIDB Bzimport
Modified:	2025-06-12 12:45 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-06-12 07:58:27 UTC

Integer Overflow (Wraparound) vulnerability in the xmlBuildQName() function in libxml2. The flaw arises due to unsafe arithmetic when concatenating XML name components using the lengths of prefix and local name. These lengths, originally size_t, are cast to int, leading to incorrect calculations when values are large. If exploited, the function can perform a memcpy with an extremely large size, causing a stack buffer overflow. This vulnerability is remotely exploitable if the attacker can influence XML content passed to affected applications, potentially resulting in denial of service.

Note You need to log in before you can comment on or make changes to this bug.