CVE-2024-25062

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "tags": ["Exploit", "Issue Tracking"], "refsource": ""}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "tags": ["Exploit", "Issue Tracking"], "refsource": ""}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "name": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "name": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "tags": ["Release Notes"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-416"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-25062", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2024-02-04T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.12.5", "versionStartIncluding": "2.12.0"}, {"cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.11.7"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-09T18:16Z"}