AVG-2726 log

Package	libxml2
Status	Fixed
Severity	High
Type	arbitrary code execution
Affected	2.9.13-1
Fixed	2.9.14-1
Current	2.15.1-4 [core]
Ticket	None
Created	Wed May 18 20:08:59 2022

Issue	Severity	Remote	Type	Description
CVE-2022-29824	Medium	Unknown	Arbitrary code execution	Integer overflow in xmlBuf (buf.c) and xmlBuffer (tree.c) can lead to out-of-bounds memory writes exploitable when parsing crafted multi- gigabyte xml files.
CVE-2022-23308	High	Unknown	Arbitrary code execution	Use-after-free of ID and IDREF attributes in valid.c

Issue

Severity

Remote

Type

Description

CVE-2022-29824

Medium

Unknown

Arbitrary code execution

Integer overflow in xmlBuf (buf.c) and xmlBuffer (tree.c) can lead to out-of-bounds memory writes exploitable when parsing crafted multi- gigabyte xml files.

CVE-2022-23308

High

Unknown

Arbitrary code execution

Use-after-free of ID and IDREF attributes in valid.c