DSA-5271-1 libxml2 -- libxml2
ID: oval:org.secpod.oval:def:88425 | Date: (C)2023-03-28 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

CVE-2022-40303: Maddie Stone discovered that missing safety checks in several functions can result in integer overflows when parsing an XML document with the XML_PARSE_HUGE option enabled.

CVE-2022-40304: Ned Williamson and Nathan Wachholz discovered a vulnerability when handling detection of entity reference cycles, which may result in corrupted dictionary entries. This flaw may lead to logic errors, including memory errors like double free flaws.
Product: python3-libxml2, libxml2