5 matches found
SUSE CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...
CLSA-2022-1670518262 Fix CVE(s): CVE-2022-40303, CVE-2022-40304
SECURITY UPDATE: Integer overflows with XMLPARSEHUGE - debian/patches/CVE-2022-40303.patch: Impose size limits when XMLPARSEHUGE is set and add length checks to core parser functions - CVE-2022-40303 SECURITY UPDATE: Dict corruption caused by entity reference cycles -...
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset typically leading to a segmentation fault.
...
AZL-11471 CVE-2022-40303 affecting package libxml2 for versions less than 2.10.3-1
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...
UBUNTU-CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...