libxml2.so is vulnerable to use after free. The vulnerability exists in ID and IDREF attributes of several functions in valid.c
due to lack of validations of which leads to an application crash.
seclists.org/fulldisclosure/2022/May/33
seclists.org/fulldisclosure/2022/May/34
seclists.org/fulldisclosure/2022/May/35
seclists.org/fulldisclosure/2022/May/36
seclists.org/fulldisclosure/2022/May/37
seclists.org/fulldisclosure/2022/May/38
github.com/advisories/GHSA-8v47-xfh7-92fh
github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
lists.debian.org/debian-lts-announce/2022/04/msg00004.html
lists.fedoraproject.org/archives/list/[email protected]/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/
security.gentoo.org/glsa/202210-03
security.netapp.com/advisory/ntap-20220331-0008/
support.apple.com/kb/HT213253
support.apple.com/kb/HT213254
support.apple.com/kb/HT213255
support.apple.com/kb/HT213256
support.apple.com/kb/HT213257
support.apple.com/kb/HT213258
www.oracle.com/security-alerts/cpujul2022.html