CVE-2021-3517

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A heap-based buffer overflow was found in libxml2 before version 2.9.11, as packaged in OpenJFX before version 8u312 in the javafx/web component, when processing truncated UTF-8 input.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2481 | java8-openjfx, java8-openjfx-src | 8.u202-3 | | High | Unknown | FS#72535 |
| AVG-1883 | libxml2 | 2.9.10-9 | 2.9.11-1 | High | Fixed | FS#70822 |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1954232
https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
https://gitlab.gnome.org/GNOME/libxml2/-/issues/236
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19