Severity: 7.5 HIGH
EPSS: 0.8% (top 26.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 14
Latest update: Feb 25

Description

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: xmlsoft/libxml2, 2.12.0 – 2.12.7 (+1)
Debian: libxml2, < 2.9.10+dfsg-6.7+deb11u8 (+3)
RubyGems: nokogiri, < 1.16.5

Vulnerability Details (9)

OSV: libxml2 vulnerabilities (2025-02-25)
OSV: libxml2 vulnerabilities (2025-01-29)
GHSA: Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 (2024-05-14)
OSV: Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 (2024-05-14)
OSV: CVE-2024-34459: An issue was discovered in xmllint (from libxml2) before 2 (2024-05-14)

Vendor Advisories (5)

Ubuntu: libxml2 vulnerabilities (2025-02-25)
Ubuntu: libxml2 vulnerabilities (2025-01-29)
Microsoft: An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext i (2024-05-14)
Red Hat: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c (2024-05-08)
Debian: CVE-2024-34459: libxml2 - An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x befor... (2024)
CVE-2024-34459 (HIGH CVSS 7.5) | An issue was discovered in xmllint | cvebase.io