CVE-2024-25062

CVSS v3.1 7.5 (High)

EPSS 0.05 % (18^th)

Affected Products 1

Advisories 21

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2024-02-04 16:15:45
(7 months ago)
Updated Date: 2024-02-13 00:40:40
(7 months ago)

Affected Products

Xmlsoft

Libxml2

Configuration #1

		CPE23	From	Up To
	Xmlsoft Libxml2 prior 2.11.7 version	cpe:2.3:a:xmlsoft:libxml2		< 2.11.7
	Xmlsoft Libxml2 from 2.12.0 version and prior 2.12.5 version	cpe:2.3:a:xmlsoft:libxml2	>= 2.12.0	< 2.12.5