Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/26 4:52 p.m.10 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the lydparsersetdataflags function. An attacker can cause process crashes or potentially execute arbitrary code by submitting crafted YANG XML documents with specific metadata attributes to applications that parse...

8.1CVSS6.2AI score0.00519EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 2:8 p.m.12 views

CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

7.1CVSS5.9AI score0.00519EPSS
Exploits0References4
CVE
CVE
added 2026/05/26 2:8 p.m.64 views

CVE-2026-41401

CVE-2026-41401 affects libyang prior to 5.2.6, where a heap-use-after-free occurs in lyd_parser_set_data_flags due to incorrect updates to metadata list pointers when freeing non-head default metadata entries. This can be triggered by submitting crafted YANG XML documents with specific metadata a...

7.1CVSS5.9AI score0.00519EPSS
Exploits0References4
OSV
OSV
added 2021/04/01 8:15 p.m.2 views

UBUNTU-CVE-2021-29421

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries...

7.5CVSS5.8AI score0.01713EPSS
Exploits0References3
Rows per page
Query Builder