A use-after-free was found in xmllint when used with --html and --push options when processing crafted files.
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1954227]
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1954226]
Name: zodf0055980 (SQLab NCTU Taiwan)
The only known exploitation path of this flaw is via the xmllint tool.
This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .
This flaw was caused by xmlCtxtUseOptions() being called on a htmlParserCtxtPtr, rather than htmlCtxtUseOptions().
This flaw can be mitigated by not using xmllint with the --html and --push options together.
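As an added example (not part of this bug report or of any Red Hat or libxml2 tooling), the mitigation above can be enforced with a small shell guard and a script audit. The function names and the exit status 64 are hypothetical choices; the check also covers the single-dash spellings `-html` and `-push`, which xmllint accepts alongside the double-dash forms.

```shell
#!/bin/sh
# Added example: guard for the "--html together with --push" mitigation.

# Return 0 when an xmllint argument list enables both the HTML parser and
# push mode. xmllint accepts one or two leading dashes for its options.
xmllint_combo_risky() {
    html=0
    push=0
    for arg in "$@"; do
        case "$arg" in
            -html|--html) html=1 ;;
            -push|--push) push=1 ;;
        esac
    done
    [ "$html" -eq 1 ] && [ "$push" -eq 1 ]
}

# Wrapper: refuse the risky combination, otherwise run the real xmllint.
guarded_xmllint() {
    if xmllint_combo_risky "$@"; then
        echo "refusing: xmllint with --html and --push together" >&2
        return 64   # arbitrary status chosen for this example
    fi
    command xmllint "$@"
}

# Audit: read script text on stdin and print the numbers of lines that
# mention xmllint and carry both options. Tokenization is plain whitespace
# splitting, not full shell parsing, so it errs on the side of flagging.
scan_lines() {
    n=0
    hits=""
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in *xmllint*) ;; *) continue ;; esac
        set -f; set -- $line; set +f
        if xmllint_combo_risky "$@"; then hits="$hits$n "; fi
    done
    printf '%s\n' "${hits% }"
}

# Constructed sample script lines; prints "2 3".
scan_lines <<'EOF'
xmllint --html --noout page.html
xmllint --html --push page.html
curl -s "$url" | xmllint -push -html -
EOF
```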
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:2569 https://access.redhat.com/errata/RHSA-2021:2569
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):