ALT-PU-2024-3790-2

Package update libxml2 in branch sisyphus

Version2.12.5-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (3)

HIGH7.5

Уязвимость функции xmlValidatePopElement компонента XML Reader Interface библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-02-19Modified: 2026-03-04

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2024-25062

HIGH7.5

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Published: 2024-02-04Modified: 2025-11-03

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-xc9x-jj77-9p9j

NONE

Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

Published: 2024-02-05Modified: 2025-05-23

References