CVE-2022-29824

Name: CVE-2022-29824
Description: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-3012-1, DSA-5142-1
Debian Bugs: 1010526

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libxml2 (PTS) | stretch | 2.9.4+dfsg1-2.2+deb9u2 | vulnerable |
| | stretch (security) | 2.9.4+dfsg1-2.2+deb9u7 | fixed |
| | buster | 2.9.4+dfsg1-7+deb10u3 | vulnerable |
| | buster (security) | 2.9.4+dfsg1-7+deb10u4 | fixed |
| | bullseye | 2.9.10+dfsg-6.7+deb11u1 | vulnerable |
| | bullseye (security) | 2.9.10+dfsg-6.7+deb11u2 | fixed |
| | bookworm, sid | 2.9.14+dfsg-1 | fixed |

The information below is based on the following data on fixed versions.

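| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libxml2 | source | stretch | 2.9.4+dfsg1-2.2+deb9u7 | | DLA-3012-1 | |
| libxml2 | source | buster | 2.9.4+dfsg1-7+deb10u4 | | DSA-5142-1 | |
| libxml2 | source | bullseye | 2.9.10+dfsg-6.7+deb11u2 | | DSA-5142-1 | |
| libxml2 | source | (unstable) | 2.9.14+dfsg-1 | | | 1010526 |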

Notes

https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2272
