libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)
Impact
An attacker may be able to use crafted XML to reference previously freed memory, leading to data corruption or the execution of arbitrary code.