valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
https://security.netapp.com/advisory/ntap-20220331-0008/
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://support.apple.com/kb/HT213253
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://support.apple.com/kb/HT213258
https://support.apple.com/kb/HT213254
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/34
http://seclists.org/fulldisclosure/2022/May/37
http://seclists.org/fulldisclosure/2022/May/36
http://seclists.org/fulldisclosure/2022/May/38
Source: MITRE
Published: 2022-02-26
Updated: 2022-11-02
Type: CWE-416
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH