5 matches found
CLSA-2022-1660064066 Fix CVE(s): CVE-2022-29824
SECURITY UPDATE: Integer overflows - debian/patches/CVE-2022-29824.patch: Fix integer overflows in xmlBuf and xmlBuffer in tree.c, buf.c - CVE-2022-29824...
Vulnerabilities in the buf.c and tree.c components of the libxml2 library allow an attacker to cause a service failure or execute arbitrary code.
The vulnerability in the buf.c and tree.c components of the libxml2 library is related to an integer overflow when using the xmlBuf and xmlBuffer types. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary code using specially crafted XML files...
Denial Of Service (DoS)
libxml2.so is vulnerable to denial of service. The xmlBufCreateSize function of buf.c does not properly check types of buffer sizes, allowing an attacker to crash the application by providing large multi-gigabyte buffers...
CVE-2021-0707
CVE-2021-0707 is a vulnerability in the Android kernel's DMA buffer subsystem: in dma_buf_release of dma-buf.c, there is a memory corruption due to a use-after-free. This can lead to local privilege escalation with no additional execution privileges requ...
PT-2019-18101 · Gnu +3 · Gnu Recutils +3
Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8. Description: A memory leak issue was found in the rec_buf_new function in rec-buf.c when called from rec_parse_rset in rec-parser.c within librec.a. Recommendations: For GNU Recutils version 1.8, at the moment, there ...