JLSEC-2025-82 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fa...

🗓️ 17 Oct 2025 17:40:51Reported by GoogleType

osv🔗 osv.dev👁 1 Views

libxml2 2.11.5 has use-after-free in xmlUnlinkNode after allocation failure; vendor downgrades severity.

Reporter	Title	Published	Views	Family All 113
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues	19 Jun 202517:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in the RHEL UBI (CVE-2024-25062, CVE-2023-39615, CVE-2023-45322)	27 Jun 202520:01	–	ibm
Tenable Nessus	Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-411)	4 Nov 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libxml2 (ALAS-2023-2321)	2 Nov 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxml2 (ALAS-2023-1874)	3 Nov 202300:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: libxml2 (CVE-2023-45322)	11 Feb 202500:00	–	nessus
Tenable Nessus	Debian dla-4064 : libxml2 - security update	22 Feb 202500:00	–	nessus
Tenable Nessus	Debian dsa-5949 : libxml2 - security update	26 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-3250)	16 Jan 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-3278)	16 Jan 202400:00	–	nessus

Source	Link
openwall	www.openwall.com/lists/oss-security/2023/10/06/5
gitlab	www.gitlab.gnome.org/GNOME/libxml2/-/issues/344
gitlab	www.gitlab.gnome.org/GNOME/libxml2/-/issues/583
lists	www.lists.debian.org/debian-lts-announce/2025/02/msg00028.html

07 May 2026 17:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

EPSS0.0007

SSVC