PT-2025-6723 · Libxml2+13 · Libxml2+13

Published

2024-12-15

·

Updated

2026-05-08

·

CVE-2024-56171

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.12.10 and earlier, 2.13.x versions prior to 2.13.6
Description The issue is related to a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Recommendations For libxml2 versions 2.12.10 and earlier, update to version 2.12.10 or later. For libxml2 2.13.x versions prior to 2.13.6, update to version 2.13.6 or later. As a temporary workaround, consider restricting the use of xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions until a patch is available.

Fix

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:2679
ALSA-2025:2686
ALT-PU-2025-13303
ALT-PU-2025-13305
ALT-PU-2025-6978
AZL-56925
AZL-57010
BDU:2025-06438
BIT-JAVA-2024-56171
BIT-JAVA-MIN-2024-56171
BIT-JRE-2024-56171
CESA-2025_2686
CVE-2024-56171
DLA-4064-1
DSA-5949-1
ECHO-6347-1E72-B901
INFSA-2025_2679
INFSA-2025_2686
MGASA-2025-0073
OESA-2025-1225
OPENSUSE-SU-2025:14830-1
OPENSUSE-SU-2025_0746-1
OPENSUSE-SU-2025_0748-1
OPENSUSE-SU-2025_0976-1
RHSA-2025:2482
RHSA-2025:2483
RHSA-2025:2507
RHSA-2025:2513
RHSA-2025:2654
RHSA-2025:2660
RHSA-2025:2673
RHSA-2025:2678
RHSA-2025:2679
RHSA-2025:2686
RHSA-2025_2679
RHSA-2025_2686
ROSA-SA-2025-2868
SUSE-SU-2025:0746-1
SUSE-SU-2025:0747-1
SUSE-SU-2025:0748-1
SUSE-SU-2025:0976-1
SUSE-SU-2025:20177-1
SUSE-SU-2025:20274-1
SUSE-SU-2025_0746-1
SUSE-SU-2025_0747-1
SUSE-SU-2025_0748-1
SUSE-SU-2025_0976-1
USN-7302-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Ibm Aix
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libxml2