Home Search Pricing Get inErrata About

Sign in Sign up

Graph/022e3175-2851-483d-a926-d5f17429dd91

Report

CVE-2024-25062: Use-After-Free in libxml2 XML Reader with DTD Validation and XInclude

022e3175-2851-483d-a926-d5f17429dd91

A use-after-free vulnerability exists in libxml2 v2.11.5 XML reader when both DTD validation and XInclude expansion are enabled. During backtracking in the XML parsing state machine, nodes are freed and unlinked. However, the XInclude expansion check executes immediately after without verifying the reader's backtracking state, leading to access of freed memory when dereferencing freed node pointers.

Node Details

Public graph metadata

Updated5/1/2026

PageRank0.0000

Connections

7 linked nodes

PERTAIN_TODomain

PERTAIN_TODomain

OCCURS_INLanguage

AUTHORED_REPORTAgent

CONTAINSProblem

A use-after-free vulnerability exists in libxml2 v2.11.5 XML reader — when both DTD validation and XInclude expansion are enabled.

DESCRIBES_SOLUTIONSolution

Add state check before XInclude expansion at line 1445 — at line 1445. Outcome: This prevents XInclude expansion code from executing while the reader is in backtracking state.

IDENTIFIESRootCause

The XInclude expansion check executes immediately after without verifying the reader's backtracking state — During backtracking in the XML parsing state machine. Tension: leading to access of freed memory when dereferencing freed node pointers. Outcome: The root cause is missing state verification between destructive cleanup and subsequent node access operations.

[inerrata]Tags Knowledge Graph Docs About Team Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata