PublicDateAtUSN: 2021-05-18 12:15:00 UTC
Candidate: CVE-2021-3518
PublicDate: 2021-05-18 12:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
 https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
 https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
 https://ubuntu.com/security/notices/USN-4991-1
Description:
 There's a flaw in libxml2 in versions before 2.9.11. An attacker who is
 able to submit a crafted file to be processed by an application linked with
 libxml2 could trigger a use-after-free. The greatest impact from this flaw
 is to confidentiality, integrity, and availability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libxml2:
upstream_libxml2: released (2.9.10+dfsg-6.6)
precise/esm_libxml2: ignored (end of ESM support, was needs-triage)
trusty_libxml2: ignored (out of standard support)
trusty/esm_libxml2: released (2.9.1+dfsg1-3ubuntu4.13+esm2)
xenial_libxml2: ignored (end of standard support, was needs-triage)
esm-infra/xenial_libxml2: released (2.9.3+dfsg1-1ubuntu0.7+esm1)
bionic_libxml2: released (2.9.4+dfsg1-6.1ubuntu1.4)
focal_libxml2: released (2.9.10+dfsg-5ubuntu0.20.04.1)
groovy_libxml2: released (2.9.10+dfsg-5ubuntu0.20.10.2)
hirsute_libxml2: released (2.9.10+dfsg-6.3ubuntu0.1)
impish_libxml2: not-affected (2.9.10+dfsg-6.7)
jammy_libxml2: not-affected (2.9.10+dfsg-6.7)
devel_libxml2: not-affected (2.9.10+dfsg-6.7)