Security researcher Nils used the Address Sanitizer tool to
discover two type confusion flaws. The first of these occurs while setting
specific attributes of a source
element resulting in incorrect
object casting. The second flaw occurs when binding a source
to a
tree when the function fails to validate the namespace. These flaws lead to
use-after-free errors, resulting in potentially exploitable crashes.