libxml2.so is vulnerable to Double Free. The initial byte of an empty string is used by xmlDictComputeFastKey
to calculate a hash value, which is typically null-terminated but may be random if the string is a part of a bigger buffer, resulting in logic and memory errors, such as a double free.
github.com/GNOME/libxml2/commit/09a2dd453007f9c7205274623acdd73747c22d64
gitlab.gnome.org/GNOME/libxml2/-/issues/510
gitlab.gnome.org/GNOME/libxml2/-/issues/510
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
lists.debian.org/debian-lts-announce/2023/04/msg00031.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.netapp.com/advisory/ntap-20230601-0006/