2 matches found
CLSA-2025-1742379480 libxml2: Fix of 2 CVEs
CVE-2024-56171: fix use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c - CVE-2025-24928: fix stack-based buffer overflow in xmlSnprintfElements in valid.c...
CVE-2024-56171
CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...