Vulnerability CVE-2024-25062: Information

Description

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Feb. 4, 2024
Modified: Feb. 13, 2024
Error type identifier: CWE-416

Fixed packages

Package name   Branch               Fixed in version   Version from repository   Errata ID             Task #   State
gem-nokogiri   sisyphus             1.16.2-alt1        1.16.2-alt1               ALT-PU-2024-2019-2    340134   Fixed
gem-nokogiri   sisyphus_loongarch64 1.16.2-alt1        1.16.2-alt1               ALT-PU-2024-2138-1    -        Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
      Start including: 2.12.0
      End excluding: 2.12.5

      cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
      End excluding: 2.11.7