Updated libxml2 packages fix a security vulnerability
Publication date: 09 May 2024Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-25062
Description
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. (CVE-2024-25062)
References
SRPMS
9/core
- libxml2-2.10.4-1.3.mga9