We have detected that your project may be vulnerable to Use After Free in the functions xmlValidNormalizeAttributeValue, xmlAddRef, xmlValidCtxtNormalizeAttributeValue and xmlAddID in the file DesktopEditor/xml/libxml2/valid.c. It shares similarities to a recent CVE disclosure in GNOME/libxml2.
The source vulnerability information is as follows:
Vulnerability Detail:
CVE Identifier: CVE-2022-23308
Description: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Patch: [CVE-2022-23308] Use-after-free of ID and IDREF attributes · GNOME/libxml2@652dd12 · GitHub
Would you help to check if this bug is true? If it’s true, I’d like to open a PR for that if necessary. Thank you for your effort and patience!