Описание
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 2.9.14+dfsg-1.3ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2.9.1+dfsg1-3ubuntu4.13+esm6 |
| esm-infra/bionic | released | 2.9.4+dfsg1-6.1ubuntu1.9+esm1 |
| esm-infra/focal | not-affected | 2.9.10+dfsg-5ubuntu0.20.04.7 |
| esm-infra/xenial | released | 2.9.3+dfsg1-1ubuntu0.7+esm6 |
| focal | released | 2.9.10+dfsg-5ubuntu0.20.04.7 |
| jammy | released | 2.9.13+dfsg-1ubuntu0.4 |
| mantic | released | 2.9.14+dfsg-1.3ubuntu0.1 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...
EPSS
7.5 High
CVSS3