Nathan Wachholz

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.10.3 **Description** An issue was discovered in libxml2 where certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked, which may allow a remote attacker to cause a denial of service. The vulnerability is related to the handling of objects with a dict structure, where the value of the first byte is zero. This issue can be exploited by a remote attacker to cause a denial of service. **Recommendations** For libxml2 versions prior to 2.10.3, update to version 2.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XML PARSE HUGE function to minimize the risk of exploitation. Additionally, avoid using specially-crafted files that could provoke the double-free error until the issue is resolved.