Use-After-Free Vulnerability in libxml2 Affects GNOME Products
CVE-2022-49043

8.1HIGH

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 26 January 2025

What is CVE-2022-49043?

The vulnerability resides in the xmlXIncludeAddNode function within the xinclude.c file of libxml2 prior to version 2.11.0. This issue can lead to exploitation through improper memory management, resulting in a use-after-free scenario. Attackers could potentially execute arbitrary code or crash applications utilizing this library, emphasizing the need for timely updates to secure environments.

Affected Version(s)

libxml2 2.0.0 < 2.11.0

References

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e2160...

https://github.com/php/php-src/issues/17467

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2025
Vulnerability Reserved
Jan 26, 2025

Xmlsoft

What is CVE-2022-49043?

Affected Version(s)

References

CVSS V3.1

Timeline