Vulnerabilities > CVE-2024-25062 - Use After Free vulnerability in Xmlsoft Libxml2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
xmlsoft
CWE-416
NVD
Published: 2024-02-04
Updated: 2024-02-13

Summary

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
188

Common Weakness Enumeration (CWE)

References