Use After Free
CVE-2024-25062
Summary
An issue was discovered in libxml2 versions prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader interface with DTD validation and "XInclude" expansion enabled, processing crafted XML documents can lead to an "xmlValidatePopElement" use-after-free.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-416 - Use After Free
Use-after-free (UaF) vulnerability occurs when the application is using a pointer to memory that has been freed. Any attempt to read/write to a buffer after it is de-allocated allows memory corruption, sensitive information exposure, and can potentially lead to arbitrary code execution.
References
Advisory Timeline
- Published