Bugzilla – Bug 1219575
VUL-0: CVE-2024-25062: TRACKERBUG: libxml2: use-after-free in XMLReader
Last modified: 2024-02-14 07:11:09 UTC
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25062
https://gitlab.gnome.org/GNOME/libxml2/-/tags
https://www.cve.org/CVERecord?id=CVE-2024-25062
https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
https://bugzilla.redhat.com/show_bug.cgi?id=2262726

Patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a66b176055d25ee635bf328c7b35b381db0b71d
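A triage helper for the condition described above, added here as an example and not taken from the bug report or from libxml2: it checks an upstream version string against the affected ranges and tests whether a reader's option mask enables both DTD validation and XInclude. The function names are hypothetical, and the flag values are copies of libxml2's `XML_PARSE_DTDVALID` and `XML_PARSE_XINCLUDE` so that the file builds without the library headers.

```c
#include <stdio.h>
#include <stdlib.h>

/* Copies of the xmlParserOption values from <libxml/parser.h>. */
#define OPT_DTDVALID (1 << 4)   /* XML_PARSE_DTDVALID */
#define OPT_XINCLUDE (1 << 10)  /* XML_PARSE_XINCLUDE */

/* Parse "2.11.5" into the LIBXML_VERSION encoding (21105). A suffix after
 * the third number is ignored. Returns -1 on malformed input. */
int encode_version(const char *s)
{
    int part[3];
    char *end;
    for (int i = 0; i < 3; i++) {
        if (*s < '0' || *s > '9') return -1;
        long v = strtol(s, &end, 10);
        if (v > 99) return -1;
        part[i] = (int)v;
        if (i < 2) {
            if (*end != '.') return -1;
            s = end + 1;
        }
    }
    return part[0] * 10000 + part[1] * 100 + part[2];
}

/* Affected upstream ranges: before 2.11.7, and 2.12.x before 2.12.5. */
int version_affected(int v)
{
    if (v < 0) return -1;
    return v < 21107 || (v >= 21200 && v < 21205);
}

/* Precondition from the report: DTD validation and XInclude both enabled. */
int options_exposed(int options)
{
    return (options & OPT_DTDVALID) && (options & OPT_XINCLUDE);
}

/* 1 = affected version with the exposed configuration, 0 = not, -1 = bad input. */
int exposed(const char *version, int options)
{
    int a = version_affected(encode_version(version));
    return a < 0 ? -1 : (a && options_exposed(options));
}

int main(void)
{
    /* Constructed sample: an affected version with both options set. */
    printf("%d\n", exposed("2.12.4", OPT_DTDVALID | OPT_XINCLUDE));
    return 0;
}
```

The version test applies to upstream release numbers only; a distribution package may carry the fix under an older version string, so check the package changelog as well.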