Description
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
References (4)
Core 4
Core References
Issue Tracking
https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
Issue Tracking
https://issues.oss-fuzz.com/issues/392687022
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250321-0006/
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
46.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (11)
netapp/active_iq_unified_manager
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
netapp/hci_compute_node
netapp/manageability_software_development_kit
netapp/ontap
9
netapp/solidfire_\&_hci_management_node
... and 1 more
Published
Feb 18, 2025
Tracked Since
Feb 18, 2026