ISN 2025-08: Libxml2 Vulnerabilities
First published 29 April 2025
CVSS 3.1: 7.9 (High)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
Security vulnerabilities have been found in Libxml2, an XML library used in IGEL OS. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
Libxml2 is affected by a use-after-free issue that can be triggered by a crafted XML document (CVE-2024-56171). In addition, a stack-based buffer overflow can occur during DTD validation when the DTD or the document is untrusted (CVE-2025-24928, high).
Update Instructions
OS 12: Update to the IGEL OS base system 12.8.1 when available.
OS 11: Update to OS 11.11.100 when available (planned for August).
References
CVE-2024-56171: https://www.cve.org/CVERecord?id=CVE-2024-56171
CVE-2025-24928: https://www.cve.org/CVERecord?id=CVE-2025-24928