Skip to main content

Use After Free

CVE-2024-25062

Severity High
Score 7.5/10

Summary

An issue was discovered in libxml2 versions prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader interface with DTD validation and "XInclude" expansion enabled, processing crafted XML documents can lead to an "xmlValidatePopElement" use-after-free.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-416 - Use After Free

Use-after-free (UaF) vulnerability occurs when the application is using a pointer to memory that has been freed. Any attempt to read/write to a buffer after it is de-allocated allows memory corruption, sensitive information exposure, and can potentially lead to arbitrary code execution.

Advisory Timeline

  • Published