Updated: 2025-08-20 00:03:26.298216
Description:
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libxml2 | 2.9.13 | 7.5 | HIGH | Not Vulnerable | 2023-11-08 08:35:55 | ||
| CentOS 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2022:1647255880 | 2022-05-05 12:04:53 | |
| CentOS 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | Released | CLSA-2023:1696537106 | 2023-10-05 17:08:31 | |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 7.5 | HIGH | Released | CLSA-2022:1647261009 | 2022-04-08 21:40:24 | |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 7.5 | HIGH | Released | CLSA-2022:1647261060 | 2022-04-08 21:40:25 | |
| CloudLinux 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2022:1647256000 | 2022-04-08 21:40:25 | |
| Debian 10 ELS | libxml2 | 2.9.4 | 7.5 | HIGH | Already Fixed | 2025-10-23 15:01:36 | ||
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2022:1647255690 | 2022-04-08 21:40:24 | |
| Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 7.5 | HIGH | Released | CLSA-2022:1647254642 | 2022-04-08 21:40:24 | |
| Ubuntu 18.04 ELS | libxml2 | 2.9.4 | 7.5 | HIGH | Already Fixed | 2023-06-02 09:09:52 |