CVE-2024-25062

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-25062

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25062.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-25062

Downstream

ALPINE-CVE-2024-25062

BELL-CVE-2024-25062

DEBIAN-CVE-2024-25062

DLA-4064-1

DSA-5949-1

ECHO-3385-dec3-86a0

JLSEC-2025-83

MINI-56j7-qwf3-8q64

OESA-2024-1183

RHSA-2024:2679

RHSA-2024:3299

RHSA-2024:3303

RHSA-2024:3625

RHSA-2024:3626

RLSA-2024:2679

RLSA-2024:3626

SUSE-SU-2024:0461-1

SUSE-SU-2024:0461-2

SUSE-SU-2024:0555-1

SUSE-SU-2024:0556-1

SUSE-SU-2024:0613-1

SUSE-SU-2024:0613-2

UBUNTU-CVE-2024-25062

USN-6658-1

USN-6658-2

openSUSE-SU-2024:13676-1

Related

Published

2024-02-04T16:15:45.120Z

Modified

2026-02-04T21:33:54.341118Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type: GIT
Repo: https://github.com/gnome/libxml2
Events: Fixed

8711320065405c4bb08aaccd4bd2881450b5ce41

Introduced

5e9b167dce73bd6a804ab107ae4c4b95e6849597

Fixed

e189e9945317ad4c8603fa2300d11d11f5e2e335

Affected versions

v2.*

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25062.json"