{"id":"MGASA-2025-0269","summary":"Updated libxml2 & libxslt packages fix security vulnerabilities","details":"Heap use after free (UAF) leads to Denial of service (DoS).\n(CVE-2025-49794)\nNull pointer dereference leads to Denial of service (DoS).\n(CVE-2025-49795)\nType confusion leads to Denial of service (DoS). (CVE-2025-49796)\nInteger Overflow Leading to Buffer Overflow in xmlBuildQName().\n(CVE-2025-6021)\nStack-based Buffer Overflow in xmllint Shell. (CVE-2025-6170)\nType confusion in xmlNode.psvi between stylesheet and source nodes.\n(CVE-2025-7424)\nHeap-use-after-free in xmlFreeID caused by `atype` corruption.\n(CVE-2025-7425)\n","modified":"2026-01-30T00:42:11.388310Z","published":"2025-11-09T07:52:10Z","related":["CVE-2025-49794","CVE-2025-49795","CVE-2025-49796","CVE-2025-6021","CVE-2025-6170","CVE-2025-7424","CVE-2025-7425"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0269.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34378"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/06/16/6"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/07/11/2"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.4-1.8.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0269.json"}},{"package":{"name":"libxslt","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libxslt?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.38-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0269.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}