OSV-2024-103

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-103

Published

2024-02-15T00:00:51.271367Z

Modified

2024-02-15T00:00:51.271973Z

Summary

Heap-use-after-free in xmlRemoveID

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66679

Crash type: Heap-use-after-free READ 4
Crash state:
xmlRemoveID
xmlFreeProp
xmlFreeNode

References

Affected packages

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2.git
Events: Introduced

d025cfbb4bf05785d970e268e46d674580a8a686

Fixed

c444c96e20253e5996f4209a123b96a6c273dac6

{
    "severity": "HIGH"
}

{
    "fixed_range": "87bebd25f11be333f0742ee5dc80e07d306c76df:c444c96e20253e5996f4209a123b96a6c273dac6"
}