1From 92721970884fcc13305cb8e23cdc5f0dd7667c2c Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sat, 14 Oct 2023 22:45:54 +0200
4Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
5 backtracking
6
7Fixes a use-after-free if XML Reader if used with DTD validation and
8XInclude expansion.
9
10Fixes #604.
11---
12 xmlreader.c | 1 +
13 1 file changed, 1 insertion(+)
14
15diff --git a/xmlreader.c b/xmlreader.c
16index 5c37738e..1f903306 100644
17--- a/xmlreader.c
18+++ b/xmlreader.c
19@@ -1378,6 +1378,7 @@ node_found:
20 * Handle XInclude if asked for
21 */
22 if ((reader->xinclude) && (reader->in_xinclude == 0) &&
23+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
24 (reader->node != NULL) &&
25 (reader->node->type == XML_ELEMENT_NODE) &&
26 (reader->node->ns != NULL) &&
27--
28GitLab
29
30
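Review bot: The added `(reader->state != XML_TEXTREADER_BACKTRACK)` term is the entire use-after-free fix, but the comment directly above it still says only "Handle XInclude if asked for", so nothing in the code tells a later maintainer that the term is load-bearing rather than redundant. I would extend that comment with a line such as `Never expand while backtracking: doing so with DTD validation enabled caused a use-after-free (#604).` so the reason survives refactoring. The diffstat also shows only xmlreader.c changing, so no regression test accompanies the fix; a reader test that combines DTD validation with XInclude expansion would catch a reintroduction. The `if` condition and the block it guards continue past the end of this hunk, so the expansion call itself is not visible here.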