DEBIAN-CVE-2024-25062
- Source
- https://security-tracker.debian.org/tracker/CVE-2024-25062
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-25062.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-25062
- Upstream
- Published
- 2024-02-04T16:15:45Z
- Modified
- 2025-09-25T23:29:08.247869Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
- References
Affected packages
Debian:11 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.9.10+dfsg-6.7+deb11u6
Debian:12 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Debian:13 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Debian:14 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source