DSA-5142-1 libxml2 -- libxml2ID: oval:org.secpod.oval:def:607778 | Date: (C)2022-05-26 (M)2023-07-17 |
Class: PATCH | Family: unix |
Felix Wilhelm reported that several buffer handling functions in libxml2, a library providing support to read, modify and write XML and HTML files, don"t check for integer overflows, resulting in out-of-bounds memory writes if specially crafted, multi-gigabyte XML files are processed. An attacker can take advantage of this flaw for denial of service or execution of arbitrary code.
Platform: |
Debian 10.x |
Debian 11.x |
Product: |
python3-libxml2 |
python-libxml2 |
libxml2 |