Vulnerability CVE-2022-40303


Published: 2022-11-23

Description:
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
libxml2 xmlParseNameComplex Integer Overflow
Google Security ...
15.11.2022

Type:

CWE-189

(Numeric Errors)

 References:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

Copyright 2024, cxsecurity.com

 

Back to Top