CVE-2024-25062

Published: 2/4/2024 Last updated: 5/9/2025 Reserved: 2/4/2024

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.5	High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (5)

bap-llvm conf-gtksourceview conf-gtksourceview3 conf-librsvg2 lablgtk3-gtkspell3

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= 6.6.*

References (4)

https://gitlab.gnome.org/GNOME/libxml2/-/tags
https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
https://gitlab.gnome.org/GNOME/libxml2/-/tags
https://gitlab.gnome.org/GNOME/libxml2/-/issues/604