2372379 – (CVE-2025-49795) CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)

Bug 2372379 (CVE-2025-49795) - CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)

Summary: CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)

Keywords:
Status:	NEW
Alias:	CVE-2025-49795
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2372380 2372381 2372382 2372383 2372384
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-12 00:33 UTC by OSIDB Bzimport
Modified:	2025-06-16 15:17 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-06-12 00:33:46 UTC

A null pointer dereference vulnerability was discovered in the libxml2. The issue occurs in the xmlSchematronFormatReport function when processing incorrect XPath expressions in Schematron schema reports, leading to undefined behavior and potential crashes.

Note You need to log in before you can comment on or make changes to this bug.