Msrc Cm1 Libxml2 2.9.14-3 On Cbl Mariner 1.0 vulnerabilities

3 known vulnerabilities affecting msrc/cm1_libxml2_2.9.14-3_on_cbl_mariner_1.0.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2022-40303 | HIGH | CVSS 7.5 | 2022-11-08
CVE-2022-40303 [HIGH] CWE-190 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to
msrc
CVE-2022-40304 | HIGH | CVSS 7.8 | 2022-11-08
CVE-2022-40304 [HIGH] CWE-415 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. FAQ: Is Azure Linux the only Microsoft product that include
msrc
CVE-2016-3709 | MEDIUM | CVSS 6.1 | 2022-07-12
CVE-2016-3709 [MEDIUM] CWE-79 Possible cross-site scripting vulnerability in libxml after commit 960f0e2. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o
msrc