Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

  • Published: Feb 4, 2024
  • Updated: Feb 14, 2024
  • CVE: CVE-2024-25062
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
xmlsoft / libxml2 2.12.0 2.12.5
xmlsoft / libxml2 - 2.11.7