cbcvebase.
CVE-2022-29824
published 2022-05-03

CVE-2022-29824: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in…

medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Affected

25 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlibxml2< libxml2 2.9.14+dfsg-1 (bookworm)libxml2 2.9.14+dfsg-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
googlechrome_chrome
msrccbl2_libxml2_2.9.14-1_on_cbl_mariner_2.0
msrccbl2_libxslt_1.1.34-7_on_cbl_mariner_2.0
msrccm1_libxml2_2.9.14-1_on_cbl_mariner_1.0
msrccm1_libxslt_1.1.34-3_on_cbl_mariner_1.0
nokogirinokogiri>= 0 < 1.13.51.13.5
oraclezfs_storage_appliance_kit
xmlsoftlibxml2< 2.9.142.9.14
xmlsoftlibxml2>= 0 < 2.9.10+dfsg-6.7+deb11u22.9.10+dfsg-6.7+deb11u2
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-12.9.14+dfsg-1
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-12.9.14+dfsg-1
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-12.9.14+dfsg-1
xmlsoftlibxml2>= 0 < 2.9.4+dfsg1-6.1ubuntu1.62.9.4+dfsg1-6.1ubuntu1.6
xmlsoftlibxml2>= 0 < 2.9.10+dfsg-5ubuntu0.20.04.32.9.10+dfsg-5ubuntu0.20.04.3
xmlsoftlibxml2>= 0 < 2.9.13+dfsg-1ubuntu0.12.9.13+dfsg-1ubuntu0.1
xmlsoftlibxml2>= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm32.9.1+dfsg1-3ubuntu4.13+esm3
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm22.9.3+dfsg1-1ubuntu0.7+esm2
xmlsoftlibxslt<= 1.1.35

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ghsa6.5MEDIUM
osv7.5HIGH