AI description
CVE-2024-56171 is a use-after-free vulnerability found in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions of libxml2. This flaw can be triggered when processing a specially crafted XML document or schema. Exploitation could lead to arbitrary code execution. Libxml2 is a widely used XML parsing library developed for the GNOME project, but it's also used across various other platforms. The vulnerability affects libxml2 versions prior to 2.12.10 and 2.13.x versions before 2.13.6. The issue was addressed in later releases of the library. It's important to note that this information is current as of today, February 25, 2025, and may change with future updates or discoveries.
- Description
- libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.8
- Exploitability score
- 1.4
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- Severity
- HIGH
- cve@mitre.org
- CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Threat Alert: CVE-2024-56171 &amp- CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/bGoZT33ooK #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
25 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Multiple vulnerabilities (CVE-2024-56171 & CVE-2025-24928) in Libxml2 could lead to code execution & denial of service. Updates (2.12.10 & 2.13.6) are critical for security. 🛡️🔒 #Libxml2 #SecurityUpdate #Germany link: https://t.co/nHacQ7bODu https://t.co/jPoQPpaE2f
@TweetThreatNews
24 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Libxml2にコード実行の脆弱性。CVE-2024-56171とCVE-2025-24928はCVSSスコア7.8で、前者がxmlSchemaIDCFillNodeTables()とxmlSchemaBubbleIDCNodeTables()における解放後メモリ使用。後者はxmlSnprintfElements()におけるスタックベースのバッファオーバーフロー。 https://t.co/QFZqEHeXMC
@__kokumoto
24 Feb 2025
635 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Two vulnerabilities in Libxml2, CVE-2024-56171 and CVE-2025-24928, may permit code execution, posing significant risks (https://t.co/ukNicN0KUE). Developers using this library should assess exposure promptly. #cybersecurity #CVE
@adriananglin
24 Feb 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution https://t.co/4HgCAbQ9Gx
@Dinosn
24 Feb 2025
2897 Impressions
8 Retweets
35 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2024-56171 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, … https://t.co/xFymsdPpdH
@CVEnew
18 Feb 2025
274 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes