Zan Dobersek

#35993 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2013-1220
7.5
2013-04-25
Xmlsoft · Libxml2 · CVE-2013-1969
**Name of the Vulnerable Software and Affected Versions**

libxml2 versions prior to 2.9.1

**Description**

The issue concerns multiple vulnerabilities in the libxml2 package, which can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, use-after-free vulnerabilities in libxml2 might allow attackers to cause a denial of service and possibly execute arbitrary code via vectors related to the `htmlParseChunk` and `xmldecl_done` functions.

**Recommendations**

For libxml2 versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `htmlParseChunk` and `xmldecl_done` functions until a patch is available. Avoid using the `xmlBufGetInputBase` function in affected API endpoints until the issue is resolved.