JLSEC-2025-83

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5

JLSEC Published: Oct 17, 2025
Modified: Oct 31, 2025
Affected Packages: XML2_jll < 2.12.5+0
Aliases / Upstream: CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
https://gitlab.gnome.org/GNOME/libxml2/-/tags
https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
https://gitlab.gnome.org/GNOME/libxml2/-/tags