There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality integrity and availability.

🗓️ 26 May 2021 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Libxml2 before 2.9.11 has use-after-free via crafted files, risking security.

Reporter	Title	Published	Views	Family All 242
IBM Security Bulletins	Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)	15 Sep 202122:14	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM Java Runtime and libxml2 affecting Tivoli Netcool/OMNIbus (Multiple CVEs)	30 Sep 202112:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	5 May 202316:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3518]	27 Sep 202409:49	–	ibm
Tenable Nessus	Amazon Linux 2 : libxml2 (ALAS-2021-1677)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxml2 (ALAS-2023-1743)	4 May 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0047: libxml2 (ALINUX3-SA-2021:0047)	14 May 202500:00	–	nessus

Vulners

Node

microsoft cm1_libxml2_2.9.12-1Range<2.9.12-1

26 May 2021 07:00Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.18.8

EPSS0.03653

libxml2 flaw use-after-free crafted files versions before 2.9.11 security impact