NULL Pointer Dereference in libxml2 Parsing Invalid XSD Schemas
CVE-2023-28484
6.5 MEDIUM
What is CVE-2023-28484?
In libxml2 versions before 2.10.4, parsing certain invalid XML Schema Definition (XSD) files can trigger a NULL pointer dereference. The flaw is in the xmlSchemaFixupComplexType function in xmlschemas.c and can lead to a segmentation fault. Proper validation of XSD schemas is essential to avoid application crashes and maintain the integrity of XML processing in applications that use libxml2.
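To check a libxml2 version against the fixed release named above, the following added example (not code from this page or from the libxml2 project) parses both dotted version strings and the packed integer form used by the LIBXML_VERSION macro. The function names are hypothetical and the sample strings are constructed.

```python
import re

FIXED = (2, 10, 4)  # first fixed release named in the advisory text


def parse_libxml2_version(text):
    """Return (major, minor, micro) from a dotted or packed libxml2 version."""
    # Dotted form, e.g. "2.10.3".
    m = re.search(r"(?<![\w.])(\d+)\.(\d+)\.(\d+)", text)
    if m:
        return tuple(int(g) for g in m.groups())
    # Packed form used by LIBXML_VERSION: major*10000 + minor*100 + micro,
    # e.g. 21003 for 2.10.3. Any suffix after the digits is ignored.
    m = re.search(r"\b(\d{5,6})(?!\d)", text)
    if m:
        n = int(m.group(1))
        return (n // 10000, (n // 100) % 100, n % 100)
    return None


def is_affected(text):
    """True when the version found in `text` is older than 2.10.4."""
    version = parse_libxml2_version(text)
    if version is None:
        raise ValueError("no libxml2 version found in: %r" % text)
    return version < FIXED


# Constructed sample inputs (not captured from a real system).
SAMPLES = [
    "2.10.3",
    "2.10.4",
    "xmllint: using libxml version 20914",
    "21200-GITv2.12.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        state = "affected" if is_affected(sample) else "not affected"
        print("%-40s %s" % (sample, state))
```

Distribution packages may carry the fix as a backport under an older upstream version number, so an "affected" result is a prompt to check the package changelog rather than a final verdict.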