CVE-2022-49043

CVE-2022-49043

CVSS 8.1 HIGHEPSS 0.3%CWE-416

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

xmlsoft · libxml2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html