« List of all CVEs

CVE-2023-45322

Published: 10/6/2023 Last updated: 11/3/2025 Reserved: 10/6/2023

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (5)

bap-llvm conf-gtksourceview conf-gtksourceview3 conf-librsvg2 lablgtk3-gtkspell3

Products affected (2)

Product Vendor Version
n/a n/a 1.0.03.27
n/a n/a 13

References (14)