CVE-2021-3516

There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Summary:

There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Reference Links(if available):

  • https://bugzilla.redhat.com/show_bug.cgi?id=1954225
  • https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
  • https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
  • https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)