Skip to main content

Double Free


Severity Medium
Score 6.5/10


An issue was discovered in libxml2 in versions prior to 2.10.4. When hashing empty dict strings in a crafted XML document, "xmlDictComputeFastKey" in "dict.c" can produce non-deterministic values, leading to various logic and memory errors, such as a Double Free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

  • LOW
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Advisory Timeline

  • Published