CVE
CVE-2024-25062
| CVE ID |
CVE-2024-25062
|
|---|---|
| CVSS Score |
7.5
|
| Operating System | |
| Affected Versions |
CentOS 7
|
| Patched Versions |
libxml2-2.9.1-6_ol013.el7.6
|
| Patch Date |
|
| Last Updated Date |
|
| Vector String |
Additional Information
OL CVE Issue Summary:
A use-after-free in XML Reader path when DTD validation and XInclude expansion are both enabled. A crafted document can trigger XML Reader backtracking and reprocessing of an XInclude node, which may invalidate or free nodes while validation still references them.