libxml2 Use-After-Free Vulnerability in xmlXIncludeAddNode Function

Vulnerability

A use-after-free vulnerability has been identified in libxml2 versions prior to 2.11.0, specifically within the xmlXIncludeAddNode function in xinclude.c. This vulnerability can be exploited by manipulating XML data to create a memory management issue, leading to potential memory corruption.

Impact

Exploitation of this vulnerability causes a heap-based use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a PHP script that creates a large string and replaces a portion of an XML file with this string. When the DOM XMLDocument processes the modified XML, the use-after-free vulnerability is triggered.

Remediation

Users should upgrade to libxml2 version 2.11.0 or later, where this vulnerability has been fixed.
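
An added example, not part of the original advisory or of libxml2: a Python check that normalises libxml2 version strings as different tools report them (dotted, or the packed integer form major*10000 + minor*100 + micro used by LIBXML_VERSION and by xmllint --version) and flags anything below 2.11.0. The host names and inventory entries are constructed for illustration.

```python
import re

FIXED = (2, 11, 0)  # first fixed release per the advisory above


def parse_libxml2_version(text):
    """Return (major, minor, micro) from a dotted or packed libxml2 version."""
    text = text.strip()
    # Dotted form, e.g. "2.9.14" (PHP's LIBXML_DOTTED_VERSION, package lists).
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    if m:
        return tuple(int(g) for g in m.groups())
    # Packed form, e.g. "20914" or "xmllint: using libxml version 21004".
    m = re.search(r"(?<!\d)(\d{5,6})(?!\d)", text)
    if m:
        n = int(m.group(1))
        return (n // 10000, (n // 100) % 100, n % 100)
    raise ValueError(f"unrecognised libxml2 version: {text!r}")


def is_affected(text):
    """True when the reported version is older than the fixed release."""
    # Compare integer tuples: as plain strings "2.9.14" sorts after "2.11.0".
    return parse_libxml2_version(text) < FIXED


# Constructed sample inventory: (host, version string as reported there).
INVENTORY = [
    ("web-01", "2.9.14"),
    ("web-02", "xmllint: using libxml version 21004"),
    ("build-01", "21100"),
    ("app-01", "2.12.6"),
]


def affected_hosts(inventory):
    """Return the hosts whose libxml2 predates the fix."""
    return [host for host, reported in inventory if is_affected(reported)]


if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: libxml2 older than 2.11.0, upgrade required")
```

A distribution package can carry a backported fix under an older upstream version number, which a version comparison like this cannot detect.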

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.