|
|
According to [1]
A flaw was found in libxml2's xmlBuildQName function, where integer overflows
in buffer size calculations can lead to a stack-based buffer overflow. This
issue can result in memory corruption or a denial of service when processing
crafted input.
Refer debian [2], backport a fix [3] from upstream
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6021
[2] https://security-tracker.debian.org/tracker/CVE-2025-6021
[3] https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0
(From OE-Core rev: e3a6bf785656243b5adc0775f7480a1eb0e4ae4c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
