CVE-2022-49043: Use After Free
Published Jan 26, 2025
Last updated 25 February 2025
Affected Software
5 affected components · Fixes available
libxml2 libxml2<2.11.0
debian/libxml2<=2.9.10+dfsg-6.7+deb11u4, <=2.9.14+dfsg-1.3~deb12u1, <=2.12.7+dfsg+really2.9.14-0.2, <=2.12.7+dfsg+really2.9.14-0.3
2.9.10+dfsg-6.7+deb11u6
Xmlsoft Libxml2<2.11.0
Microsoft cbl2 libxml2 2.10.4-6
Microsoft cbl2 libxml2 2.10.4-5
Event History
Jan 26, 2025
CVE Published · via MITRE · 12:00 AM
Data Sourced · via MITRE · 12:00 AM · Description, Severity, Weakness
Data Sourced · via Red Hat · 06:01 AM · Description, Severity, Affected Software
Data Sourced · via NVD · 06:15 AM · Description, Severity, Weakness
Data Sourced · via NVD · 06:15 AM · Remedy, Affected Software
Feb 1, 2025
Data Sourced · via Microsoft · 08:00 AM · Description, Severity, Weakness
Data Sourced · via Microsoft · 08:00 AM · Affected Software
Updated · via Microsoft · 08:00 AM · Description, Severity
Feb 25, 2025
Data Sourced · via Ubuntu · 11:59 PM · Remedy, Description, Severity, Affected Software
Mar 14, 2025
Data Sourced · via Launchpad · 12:04 AM · Description
Jan 30, 2026
Data Sourced · via IBM · 12:00 AM · Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2022-49043?
CVE-2022-49043 has a high severity due to its use-after-free vulnerability in libxml2.
2. How do I fix CVE-2022-49043?
To resolve CVE-2022-49043, upgrade libxml2 to version 2.11.0 or later.
3. Which versions of libxml2 are affected by CVE-2022-49043?
CVE-2022-49043 affects all versions of libxml2 prior to 2.11.0.
4. Is CVE-2022-49043 exploitable remotely?
Yes, CVE-2022-49043 can potentially be exploited remotely, leading to application crashes or code execution.
5. What software uses libxml2 and is impacted by CVE-2022-49043?
Software that relies on libxml2 versions prior to 2.11.0 may be impacted by CVE-2022-49043.