{
  "schema_version": "1.7.0",
  "id": "MGASA-2024-0172",
  "published": "2024-05-09T02:40:29Z",
  "modified": "2024-05-09T02:19:06Z",
  "summary": "Updated libxml2 packages fix a security vulnerability",
  "details": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before\n2.12.5. When using the XML Reader interface with DTD validation and\nXInclude expansion enabled, processing crafted XML documents can lead to\nan xmlValidatePopElement use-after-free. (CVE-2024-25062)\n",
  "upstream": [
    "CVE-2024-25062"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2024-0172.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=33184"
    },
    {
      "type": "WEB",
      "url": "https://lwn.net/Articles/972329/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "libxml2",
        "purl": "pkg:rpm/mageia/libxml2?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.4-1.3.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}