Type Confusion Vulnerability in libxmljs Affects XML Parsing
CVE-2024-34391
Currently unrated
What is CVE-2024-34391?
libxmljs is susceptible to a type confusion vulnerability when parsing specially crafted XML. The issue arises when functions are invoked on the result of attrs() called on a parsed node, and it can lead to denial of service, infinite loops, data leaks, and remote code execution on 32-bit systems when the XML_PARSE_HUGE flag is enabled. Users and developers should be aware of this risk and apply necessary updates to mitigate exposure.
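To find out whether a code base reaches the affected path, the following added example (not code from libxmljs or from this advisory) flags libxmljs imports, attrs() call sites, and parse options that turn on XML_PARSE_HUGE. It assumes that callers enable that flag with a `huge: true` parse option; the function names and the sample source are constructed for illustration, and the regex matching is a heuristic, not a parser.

```javascript
// Heuristic source audit for the code path described in CVE-2024-34391.
const RULES = [
  { id: 'libxmljs-import', re: /(?:require\(\s*|from\s+)['"]libxmljs['"]/ },
  { id: 'attrs-call', re: /\.attrs\s*\(\s*\)/ },
  // Assumption: `huge: true` is how calling code enables XML_PARSE_HUGE.
  { id: 'huge-option', re: /\bhuge\s*:\s*true\b/ },
];

// Returns one finding per rule hit, with a 1-based line number.
function auditSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*(\/\/|\*)/.test(text)) return; // skip comment-only lines
    for (const { id, re } of RULES) {
      if (re.test(text)) findings.push({ rule: id, line: i + 1, text: text.trim() });
    }
  });
  return findings;
}

// attrs() and huge hits only matter in a file that loads libxmljs.
function summarize(findings) {
  const has = (id) => findings.some((f) => f.rule === id);
  const usesLibxmljs = has('libxmljs-import');
  return {
    usesLibxmljs,
    reachesAttrs: usesLibxmljs && has('attrs-call'),
    hugeEnabled: usesLibxmljs && has('huge-option'),
  };
}

// Constructed sample: a handler that parses untrusted XML and walks attributes.
const SAMPLE = [
  "const libxmljs = require('libxmljs');",
  "// doc.root().attrs() is not called here",
  "function handler(body) {",
  "  const doc = libxmljs.parseXml(body, { huge: true });",
  "  return doc.root().attrs().map((a) => a.name());",
  "}",
].join('\n');

const sampleFindings = auditSource(SAMPLE);
for (const f of sampleFindings) console.log(`${f.rule} at line ${f.line}: ${f.text}`);
console.log(summarize(sampleFindings));
```

A file where both reachesAttrs and hugeEnabled are true and the XML comes from an untrusted source is the first candidate for review.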
