OSV-2021-777

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libxml2/OSV-2021-777.yaml

Published

2021-05-20T00:00:30.166614Z

Modified

2024-05-13T14:06:51.922925Z

Summary

Heap-use-after-free in xmlAddNextSibling

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461

Crash type: Heap-use-after-free READ 4
Crash state:
xmlAddNextSibling
xmlXIncludeCopyRange
xmlXIncludeCopyXPointer

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461

Affected packages

OSS-Fuzz / libxml2

Package

Name: libxml2

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2.git
Events: Introduced

6c128fd58a0e4641c23a345d413672494622db1b

Affected versions

Other

CVE-2021-3541

v2.*

v2.10.0

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.8

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.12.6

v2.12.7

v2.9.11

v2.9.12

v2.9.13

v2.9.14

Ecosystem specific

{
    "severity": "HIGH"
}