What the vulnerability does

01Description

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Key dates

02Disclosure timeline

May 14, 2021 CVE published
August 3, 2024 Record updated