CVE-2025-6021

Public on 2025-06-12
Modified on 2025-06-13
Description

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Severity
Important
See what this means
CVSS v3 Base Score
8.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core libxml2 2025-06-24 ALAS2-2025-2893
Amazon Linux 2023 libxml2 2025-06-23 ALAS2023-2025-1019

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H