AZL-34961

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34961.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-34961

Upstream

CVE-2024-25062

Published

2024-02-04T16:15:45Z

Modified

2026-04-01T05:11:48.841759Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-25062 affecting package libxml2 for versions less than 2.11.5-4

Details

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-25062

Affected packages

Azure Linux:3 / libxml2

Package

Name: libxml2
Purl: pkg:rpm/azure-linux/libxml2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.5-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34961.json"