Use-After-Free Vulnerability in libxml2 Affects multiple vendors
CVE-2021-3518

8.8HIGH

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 18 May 2021

What is CVE-2021-3518?

A vulnerability in libxml2 allows an attacker to exploit a use-after-free flaw by submitting a crafted file to applications linked with the library. This could lead to unauthorized actions, impacting the confidentiality, integrity, and availability of the affected systems. Users of libxml2 versions prior to 2.9.11 are especially at risk, emphasizing the need for timely updates and security patches.

Affected Version(s)

libxml2 libxml2 2.9.11

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.debian.org/debian-lts-announce/2021/05/msg0...

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2021
Vulnerability Reserved
Apr 27, 2021

Xmlsoft

What is CVE-2021-3518?

Affected Version(s)

References

CVSS V3.1

Timeline