VYPR

rpm package

opensuse/libxml2-python&distro=openSUSE Leap Micro 5.4

pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%20Micro%205.4

Vulnerabilities (2)

  • CVE-2024-25062Feb 4, 2024
    affected < 2.9.14-150400.5.28.1fixed 2.9.14-150400.5.28.1

    An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

  • CVE-2023-45322Oct 6, 2023
    affected < 2.9.14-150400.5.25.1fixed 2.9.14-150400.5.25.1

    libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically ca