CVE-2024-25062: Use After Free

February 4, 2024 (updated July 15, 2024)

When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References

gitlab.gnome.org/GNOME/libxml2/-/issues/604
nvd.nist.gov/vuln/detail/CVE-2024-25062

Code Behaviors & Features

Detect and mitigate CVE-2024-25062 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →