libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical severity
GitHub Reviewed
Published
May 2, 2024
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Description
Published by the National Vulnerability Database
May 2, 2024
Published to the GitHub Advisory Database
May 2, 2024
Reviewed
May 3, 2024
Last updated
Nov 18, 2024
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the
namespaces()
function (which invokes_wrap__xmlNode_nsDef_get()
) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.References