Updated: 2025-05-10 00:03:14.065722
Description:
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libxml2 | 2.9.13 | 7.5 | HIGH | Released | CLSA-2024:1708416911 | 2024-02-20 03:53:34 | |
| CentOS 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2024:1708639232 | 2024-03-05 08:47:52 | |
| CentOS 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | Released | CLSA-2024:1708417192 | 2024-03-05 08:47:51 | |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 7.5 | HIGH | Released | CLSA-2024:1708426314 | 2024-02-20 08:26:41 | |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 7.5 | HIGH | Released | CLSA-2024:1708426517 | 2024-02-20 08:26:42 | |
| CentOS Stream 8 ELS | libxml2 | 2.9.7 | 7.5 | HIGH | Released | CLSA-2024:1718029281 | 2024-06-10 11:22:55 | |
| CloudLinux 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2024:1708639125 | 2024-03-05 10:09:27 | |
| CloudLinux 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | Released | CLSA-2024:1723797334 | 2024-08-30 14:28:38 | |
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2024:1708639015 | 2024-02-22 20:53:13 | |
| Oracle Linux 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | Released | CLSA-2024:1734368396 | 2024-12-16 13:22:40 |