NULL Pointer Dereference in libxml2 Parsing Invalid XSD Schemas
CVE-2023-28484

6.5 MEDIUM

Key Information:

Vendor: Xmlsoft
Status: Vendor
CVE Published: 24 April 2023

What is CVE-2023-28484?

libxml2 versions before 2.10.4 contain a NULL pointer dereference in the xmlSchemaFixupComplexType function in xmlschemas.c. It is reached when the library parses certain invalid XML Schema Definition (XSD) documents, so the input that triggers the bug is the schema itself, not an XML instance document validated against it. The result is a crash (segmentation fault) of the process that loaded the schema: a denial of service with no confidentiality or integrity impact. The fix is to upgrade to libxml2 2.10.4 or later. Until that is done, applications should not load XSD schemas from untrusted or user-supplied sources, and operators should audit where schema files enter the system (uploads, schemas fetched from remote URLs, schemas bundled with third-party data) rather than relying on the schema parser to reject malformed input.
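Added example, not part of the advisory or of libxml2: a Python check that reports whether the libxml2 build a host actually loads predates the 2.10.4 fix named above. The 2.10.4 threshold is taken from the advisory text. The script reads lxml's LIBXML_VERSION tuple when lxml is installed, and otherwise dlopens the system libxml2 and reads its exported xmlParserVersion string, which libxml2 encodes in the packed "21003"-style form (major*10000 + minor*100 + micro); both of those interfaces are assumptions about the libraries rather than something the advisory states.

```python
"""Report whether the libxml2 loaded on this host predates the 2.10.4 release
that fixes CVE-2023-28484 (NULL deref in xmlSchemaFixupComplexType).

Added example, not part of the advisory or of libxml2. Assumptions:
  * the fixed-version threshold (2.10.4) comes from the advisory text;
  * libxml2 exports the data symbol `xmlParserVersion`, a C string in the
    packed "MMmmpp" form (e.g. "21003" for 2.10.3), possibly followed by a
    build suffix such as "-GIT...". Dotted "2.10.3" strings are accepted too.
"""
import ctypes
import ctypes.util
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

FIXED_VERSION: Version = (2, 10, 4)  # first release with the fix, per the advisory


def parse_libxml_version(text: str) -> Version:
    """Parse a dotted ("2.10.3") or packed ("21003") libxml2 version string.

    Trailing build suffixes are ignored. Packed form is major*10000 +
    minor*100 + micro, which is how libxml2 encodes LIBXML_VERSION_STRING.
    """
    text = text.strip()
    dotted = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if dotted:
        major, minor, micro = (int(x) for x in dotted.groups())
        return (major, minor, micro)
    packed = re.match(r"\d{5,6}", text)
    if packed:
        n = int(packed.group(0))
        return (n // 10000, (n // 100) % 100, n % 100)
    raise ValueError(f"unrecognised libxml2 version string: {text!r}")


def is_affected(version: Version) -> bool:
    """True when the build is older than 2.10.4 and therefore in scope."""
    return version < FIXED_VERSION


def installed_libxml_version() -> Optional[Version]:
    """Version of the libxml2 this process can actually load, or None if absent.

    Prefers lxml's bundled/linked copy when lxml is importable, since that is
    the libxml2 a Python XML stack will really use; otherwise dlopens the
    system library and reads its exported xmlParserVersion string.
    """
    try:
        from lxml import etree  # optional dependency; assumed API: LIBXML_VERSION tuple
        return tuple(etree.LIBXML_VERSION[:3])  # type: ignore[return-value]
    except ImportError:
        pass
    path = ctypes.util.find_library("xml2")
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
        raw = ctypes.c_char_p.in_dll(lib, "xmlParserVersion").value
    except (OSError, ValueError):  # library not loadable, or symbol not exported
        return None
    if raw is None:
        return None
    return parse_libxml_version(raw.decode("ascii", errors="replace"))


def assess(version: Optional[Version]) -> str:
    """Human-readable verdict used by the command-line entry point below."""
    if version is None:
        return "libxml2 not found: nothing to assess"
    dotted = ".".join(map(str, version))
    if is_affected(version):
        fixed = ".".join(map(str, FIXED_VERSION))
        return (f"libxml2 {dotted} is affected by CVE-2023-28484: upgrade to "
                f"{fixed} or later and do not load untrusted XSD schemas")
    return f"libxml2 {dotted} includes the fix for CVE-2023-28484"


if __name__ == "__main__":
    print(assess(installed_libxml_version()))
```

A version gate like this is a first-pass heuristic, not proof: distributions routinely backport fixes into older version numbers (a distro-patched 2.9.x may already carry the fix), so a reported "affected" should be confirmed against the distribution's own advisory, and a static binary or a vendored copy of libxml2 inside another application will not be seen by this check at all.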

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

The availability impact is High: the NULL pointer dereference crashes the process that parses the schema. A 6.5 score is not reachable with all three impact metrics set to None, and this metric set is the one that yields 6.5.

Timeline

  • Vulnerability reserved

  • Vulnerability published: 24 April 2023