{"id":"CVE-2020-22617","details":"Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.","modified":"2026-04-10T04:24:47.165448Z","published":"2021-10-08T20:15:07.330Z","references":[{"type":"ADVISORY","url":"https://tracker.ardour.org/view.php?id=7926"},{"type":"FIX","url":"https://github.com/Ardour/ardour/commit/96daa4036a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ardour/ardour","events":[{"introduced":"0"},{"last_affected":"ae0dcdc0c5d13483271065c360e378202d20170a"},{"fixed":"96daa4036a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.12"}]}}],"versions":["2.0beta10","2.0beta11","2.0beta11.1","2.0beta12","2.0beta4","2.0beta5","2.0beta5.1","2.0beta6","2.0beta6.1","2.0beta7","2.0beta7.1","2.0beta8","2.0beta9","2.0rc1","3.0","3.0-alpha1","3.0-alpha10","3.0-alpha2","3.0-alpha5","3.0-alpha6","3.0-alpha8","3.0-alpha9","3.0-beta1","3.0-beta2","3.0-beta3","3.1","3.2","3.3","3.4","3.5","3.5.14","3.5.143","3.5.308","3.5.357","3.5.380","3.5.403","3.5.74","4.1","4.2","4.3","4.4","4.5","4.6","4.7","5.0","5.0-pre0","5.0-pre1","5.0-rc1","5.0-rc2","5.1","5.10","5.11","5.12","5.2","5.3","5.4","5.5","5.6","5.7","5.8","5.9","a3-alpha7","prercu"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-22617.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}