CVE-2024-56171

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-56171

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56171.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56171

Downstream

ALPINE-CVE-2024-56171

BELL-CVE-2024-56171

DEBIAN-CVE-2024-56171

DLA-4064-1

DSA-5949-1

ECHO-6347-1e72-b901

JLSEC-2025-86

MINI-6gvx-4832-qfgm

MINI-cxjf-59c7-wwqx

OESA-2025-1225

RHSA-2025:2482

RHSA-2025:2483

RHSA-2025:2507

RHSA-2025:2513

RHSA-2025:2654

RHSA-2025:2660

RHSA-2025:2673

RHSA-2025:2678

RHSA-2025:2679

RHSA-2025:2686

RLSA-2025:2679

RLSA-2025:2686

SUSE-SU-2025:0746-1

SUSE-SU-2025:0747-1

SUSE-SU-2025:0748-1

SUSE-SU-2025:0976-1

UBUNTU-CVE-2024-56171

USN-7302-1

openSUSE-SU-2025:14830-1

Related

Published

2025-02-18T22:15:12.797Z

Modified

2026-02-09T05:19:14.589396Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

References

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type: GIT
Repo: https://github.com/gnome/libxml2
Events: Fixed

02d577715e1951cf114ca4e9adaf5605156c4f4c

Introduced

cdd2575f7fbab1d8162600f4048bc37503c80e28

Fixed

66453240c94b5cbd3e9ae9b32016fdafb13cdf18

Affected versions

v2.*

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56171.json"