CVE-2021-3518 - Xmlsoft Libxml2, Debian Debian Linux and Redhat Jboss Core Services

May 18, 2021

Critical 8.8

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Affected software

Xmlsoft Libxml2

Debian Debian Linux

Redhat Jboss Core Services

Redhat Enterprise Linux

Fedoraproject Fedora

Reference links

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1954242

CVE-2021-3518 - Xmlsoft Libxml2, Debian Debian Linux and Redhat Jboss Core Services

Affected software

Reference links

Get alerted to vulnerabilities in your software