CVE-2024-25062

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-25062
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25062.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-25062
Downstream
Related
Published
2024-02-04T16:15:45.120Z
Modified
2026-02-11T14:48:08.766551Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type
GIT
Repo
https://github.com/gnome/libxml2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8711320065405c4bb08aaccd4bd2881450b5ce41
Introduced
5e9b167dce73bd6a804ab107ae4c4b95e6849597
Fixed
e189e9945317ad4c8603fa2300d11d11f5e2e335

Affected versions

v2.*
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25062.json"