CVE-2025-24928

ADVISORY - nist

Summary

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

EPSS Score⁠: 0.00044 (0.132)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-121⁠

Stack-based Buffer Overflow

ADVISORY - redhat

CWE-121⁠

Stack-based Buffer Overflow

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.