VDB
AZL-34290
AZL-34290
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:2 | libxml2 | 0 |
Exploit Intelligence
- TestCommand.yaml (github-poc)
- guard-xml.js (github-poc)
Timeline
- Feb 4, 2024 CVE Published
- Apr 21, 2026 CVE Updated