ALAS2-2023-1996 --- libxml2ID: oval:org.secpod.oval:def:1701240 | Date: (C)2023-03-28 (M)2023-12-07 |
Class: PATCH | Family: unix |
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked