CVE-2022-29824

MEDIUM

libxml2 < 2.9.14 - Integer Overflow via Buffer Handling Functions


Description

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

References (14)

Core References
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html
Third Party Advisory (vendor-advisory): https://www.debian.org/security/2022/dsa-5142
Third Party Advisory (vendor-advisory): https://security.gentoo.org/glsa/202210-03
Release Notes, Third Party Advisory: https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
Product, Third Party Advisory: https://gitlab.gnome.org/GNOME/libxslt/-/tags

Scores

CVSS v3 6.5
EPSS 0.0007
EPSS Percentile 22.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-190
Status published
Products (23)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
netapp/active_iq_unified_manager
netapp/clustered_data_ontap
netapp/clustered_data_ontap_antivirus_connector
netapp/h300s_firmware
... and 13 more
Published May 03, 2022
Tracked Since Feb 18, 2026