CVE-2023-28484: NULL Pointer Dereference

April 24, 2023 (updated February 1, 2024)

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

References

gitlab.gnome.org/GNOME/libxml2/-/issues/491
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
lists.debian.org/debian-lts-announce/2023/04/msg00031.html
nvd.nist.gov/vuln/detail/CVE-2023-28484

Detect and mitigate CVE-2023-28484 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →