A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
The product dereferences a pointer that it expects to be valid but is NULL.
| Link | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ | vendor advisory |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html | third party advisory mailing list |
| https://bugzilla.redhat.com/show_bug.cgi?id=1956522 | issue tracking third party advisory patch |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ | vendor advisory |
| https://security.gentoo.org/glsa/202107-05 | third party advisory vendor advisory |
| https://security.netapp.com/advisory/ntap-20210625-0002/ | third party advisory |
| https://www.oracle.com/security-alerts/cpuoct2021.html | third party advisory patch |
| https://www.oracle.com/security-alerts/cpuapr2022.html | third party advisory patch |
| https://www.oracle.com/security-alerts/cpujul2022.html | not applicable |