INFSA-2024:3626: libxml2 security update
Information about definition
Identificator: INFSA-2024:3626
Type: security
Release date: 2024-08-23 18:58:44 UTC
Information about package
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Vulnerabilities description
- CVE-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-25062
|
no information | 7.5 | no information |
Updated packages