4 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the lydparsersetdataflags function. An attacker can cause process crashes or potentially execute arbitrary code by submitting crafted YANG XML documents with specific metadata attributes to applications that parse...
CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing
libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...
CVE-2026-41401
CVE-2026-41401 affects libyang prior to 5.2.6, where a heap-use-after-free occurs in lyd_parser_set_data_flags due to incorrect updates to metadata list pointers when freeing non-head default metadata entries. This can be triggered by submitting crafted YANG XML documents with specific metadata a...
UBUNTU-CVE-2021-29421
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries...