CVE-2025-49794
| CVE ID | CVE-2025-49794 |
|---|---|
| CVSS Score | 9.1 |
| Operating System | |
| Affected Versions | |
| Patched Versions | libxml2-2.9.1-6_ol005.el7.6 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
OL CVE Issue Summary:
A heap use-after-free vulnerability was discovered in Schematron. The issue arises in xmlSchematronGetNode() when processing XPath expressions in Schematron schema elements <sch:name path="..."/>: a pointer to freed memory is returned and then accessed, leading to undefined behavior and potential crashes.
Vulnerable component: xmlSchematronGetNode() extracts a pointer to a node from an XPath node set and then immediately frees the entire XPath object containing that node set, rendering the returned pointer invalid.
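The lifetime error described above, as an added example in a simplified model; this is not libxml2 source and not the patch. The types `node_t` and `result_t` and every function name are hypothetical, and the model assumes the result object owns the nodes in its set.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model, not libxml2 types: the query result owns its nodes. */
typedef struct { char name[32]; } node_t;
typedef struct { node_t **items; int count; } result_t;

/* Stand-in for evaluating a path expression: returns a one-node result. */
result_t *eval_query(const char *name) {
    result_t *r = malloc(sizeof *r);
    node_t *n = malloc(sizeof *n);
    node_t **items = malloc(sizeof *items);
    if (!r || !n || !items) abort();
    snprintf(n->name, sizeof n->name, "%s", name);
    items[0] = n;
    r->items = items;
    r->count = 1;
    return r;
}

/* Frees the result and every node it owns. */
void free_result(result_t *r) {
    for (int i = 0; i < r->count; i++) free(r->items[i]);
    free(r->items);
    free(r);
}

/* The pattern from the summary: take a pointer out of the set, free the
 * whole result, return the pointer. The caller receives freed memory. */
node_t *get_node_unsafe(const char *q) {
    result_t *r = eval_query(q);
    node_t *n = r->count > 0 ? r->items[0] : NULL;
    free_result(r);
    return n;                 /* dangling: any dereference is a use-after-free */
}

/* Hardened form: copy what the caller needs while the result is still alive. */
int get_node_name_safe(const char *q, char *out, size_t outlen) {
    result_t *r = eval_query(q);
    int found = r->count > 0;
    if (found) snprintf(out, outlen, "%s", r->items[0]->name);
    free_result(r);
    return found;             /* out is caller-owned and stays valid */
}

int main(void) {
    char name[32];            /* "title" below is constructed sample input */
    if (get_node_name_safe("title", name, sizeof name)) printf("%s\n", name);
    return 0;
}
```

Building with `-fsanitize=address` makes a dereference of the pointer returned by `get_node_unsafe` fail with a heap-use-after-free report, which is a practical way to catch this class of bug in testing.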