[create-pull-request] automated change

Author: mbauman

advisories/published/2025/JLSEC-0000-mns39g6xx-lmvlox.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns39g6xx-lmvlox"
+modified = 2025-10-17T17:21:54.213Z
+upstream = ["CVE-2019-19956"]
+references = ["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://security.netapp.com/advisory/ntap-20200114-0002/", "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "https://usn.ubuntu.com/4274-1/", "https://www.oracle.com/security-alerts/cpujul2020.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://security.netapp.com/advisory/ntap-20200114-0002/", "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "https://usn.ubuntu.com/4274-1/", "https://www.oracle.com/security-alerts/cpujul2020.html"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = ["< 2.9.10+0"]
+
+[[jlsec_sources]]
+id = "CVE-2019-19956"
+imported = 2025-10-17T17:21:54.213Z
+modified = 2024-11-21T04:35:44.420Z
+published = 2019-12-24T16:15:11.450Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-19956"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2019-19956"
+```
+
+# xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to...
+
+xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
+

advisories/published/2025/JLSEC-0000-mns39g6y0-1uvqobd.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns39g6y0-1uvqobd"
+modified = 2025-10-17T17:21:54.216Z
+upstream = ["CVE-2019-20388"]
+references = ["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://security.gentoo.org/glsa/202010-04", "https://security.netapp.com/advisory/ntap-20200702-0005/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://security.gentoo.org/glsa/202010-04", "https://security.netapp.com/advisory/ntap-20200702-0005/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = [">= 2.9.10+0, < 2.9.12+0"]
+
+[[jlsec_sources]]
+id = "CVE-2019-20388"
+imported = 2025-10-17T17:21:54.216Z
+modified = 2024-11-21T04:38:21.893Z
+published = 2020-01-21T23:15:13.553Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-20388"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2019-20388"
+```
+
+# xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
+
+xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
+

advisories/published/2025/JLSEC-0000-mns39g6y1-14sj2yk.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns39g6y1-14sj2yk"
+modified = 2025-10-17T17:21:54.217Z
+upstream = ["CVE-2020-7595"]
+references = ["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://security.gentoo.org/glsa/202010-04", "https://security.netapp.com/advisory/ntap-20200702-0005/", "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "https://usn.ubuntu.com/4274-1/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://security.gentoo.org/glsa/202010-04", "https://security.netapp.com/advisory/ntap-20200702-0005/", "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "https://usn.ubuntu.com/4274-1/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = [">= 2.9.10+0, < 2.9.12+0"]
+
+[[jlsec_sources]]
+id = "CVE-2020-7595"
+imported = 2025-10-17T17:21:54.217Z
+modified = 2024-11-21T05:37:26.453Z
+published = 2020-01-21T23:15:13.867Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-7595"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2020-7595"
+```
+
+# xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-fi...
+
+xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
+

advisories/published/2025/JLSEC-0000-mns39g6y2-123uxp1.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns39g6y2-123uxp1"
+modified = 2025-10-17T17:21:54.218Z
+upstream = ["CVE-2020-24977"]
+references = ["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20200924-0001/", "https://security.netapp.com/advisory/ntap-20200924-0001/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20200924-0001/", "https://security.netapp.com/advisory/ntap-20200924-0001/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = [">= 2.9.10+0, < 2.9.12+0"]
+
+[[jlsec_sources]]
+id = "CVE-2020-24977"
+imported = 2025-10-17T17:21:54.218Z
+modified = 2024-11-21T05:16:15.740Z
+published = 2020-09-04T00:15:10.693Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-24977"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2020-24977"
+```
+
+# GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesIntern...
+
+GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
+

advisories/published/2025/JLSEC-0000-mns39g6y3-t3cgsn.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns39g6y3-t3cgsn"
+modified = 2025-10-17T17:21:54.219Z
+upstream = ["CVE-2021-3537"]
+references = ["https://bugzilla.redhat.com/show_bug.cgi?id=1956522", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = ["< 2.9.12+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-3537"
+imported = 2025-10-17T17:21:54.219Z
+modified = 2024-11-21T06:21:47.317Z
+published = 2021-05-14T20:15:16.553Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3537"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3537"
+```
+
+# A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors wh...
+
+A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
+

advisories/published/2025/JLSEC-0000-mns39g6y4-12dpkdv.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns39g6y4-12dpkdv"
+modified = 2025-10-17T17:21:54.220Z
+upstream = ["CVE-2021-3518"]
+references = ["http://seclists.org/fulldisclosure/2021/Jul/54", "http://seclists.org/fulldisclosure/2021/Jul/55", "http://seclists.org/fulldisclosure/2021/Jul/58", "http://seclists.org/fulldisclosure/2021/Jul/59", "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://support.apple.com/kb/HT212601", "https://support.apple.com/kb/HT212602", "https://support.apple.com/kb/HT212604", "https://support.apple.com/kb/HT212605", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "http://seclists.org/fulldisclosure/2021/Jul/54", "http://seclists.org/fulldisclosure/2021/Jul/55", "http://seclists.org/fulldisclosure/2021/Jul/58", "http://seclists.org/fulldisclosure/2021/Jul/59", "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://support.apple.com/kb/HT212601", "https://support.apple.com/kb/HT212602", "https://support.apple.com/kb/HT212604", "https://support.apple.com/kb/HT212605", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = ["< 2.9.12+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-3518"
+imported = 2025-10-17T17:21:54.220Z
+modified = 2024-11-21T06:21:44.453Z
+published = 2021-05-18T12:15:08.043Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3518"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3518"
+```
+
+# There's a flaw in libxml2 in versions before 2.9.11
+
+There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
+