PT-2021-4599 · Libxml2+9 · Libxml2+9

Published

2021-04-21

·

Updated

2026-03-13

·

CVE-2021-3516

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.11
Description The issue is related to a use-after-free flaw in libxml2's xmllint. An attacker can exploit this by submitting a crafted file to be processed, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service. The flaw affects confidentiality, integrity, and availability.
Recommendations For versions prior to 2.9.11, update to version 2.9.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the xmllint component until a patch is applied. Avoid using xmllint to process untrusted or crafted files until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:2569
ALT-PU-2021-2057
ALT-PU-2021-3332
BDU:2021-05282
CESA-2021_2569
CVE-2021-3516
DLA-2653-1
MGASA-2021-0213
OPENSUSE-SU-2021:0692-1
OPENSUSE-SU-2021:0764-1
OPENSUSE-SU-2021_0692-1
OPENSUSE-SU-2021_0764-1
OPENSUSE-SU-2024:11016-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2021:2569
RHSA-2021_2569
RHSA-2022:1389
RLSA-2021:2569
SUSE-SU-2021:14729-1
SUSE-SU-2021:1523-1
SUSE-SU-2021:1524-1
SUSE-SU-2021:1654-1
SUSE-SU-2021:1658-1
SUSE-SU-2021_14729-1
SUSE-SU-2021_1523-1
SUSE-SU-2021_1524-1
SUSE-SU-2021_1654-1
SUSE-SU-2021_1658-1
USN-4991-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libxml2