CVE-2022-29824

Integer Overflow or Wraparound in nuget/libxml2

Identifiers

CVE-2022-29824

Package Slug

nuget/libxml2

Vulnerability

Integer Overflow or Wraparound

Description

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
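The bug class described above, as an added illustration that is not libxml2's code and not part of the advisory: a hypothetical `toy_buf` with `unsigned int` length counters, showing the unchecked size computation beside an overflow-checked one. All names (`toy_buf`, `needed_unchecked`, `needed_checked`, `toy_buf_append`) are assumptions made for this example.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer (illustration only, not libxml2's struct). */
struct toy_buf {
    unsigned char *data;
    unsigned int use;   /* bytes in use, excluding the terminator */
    unsigned int size;  /* bytes allocated */
};

/* Unchecked pattern: use + len + 1 wraps past UINT_MAX, so a huge request
 * yields a small "needed" size and the copy that follows writes out of bounds. */
unsigned int needed_unchecked(unsigned int use, unsigned int len) {
    return use + len + 1;
}

/* Checked pattern: refuse when use + len + 1 is not representable. 0 on success. */
int needed_checked(unsigned int use, unsigned int len, unsigned int *out) {
    if (len >= UINT_MAX - use)
        return -1;
    *out = use + len + 1;
    return 0;
}

/* Append len bytes plus a terminator, growing only via the checked size. */
int toy_buf_append(struct toy_buf *b, const void *src, unsigned int len) {
    unsigned int needed;
    if (needed_checked(b->use, len, &needed) != 0)
        return -1;                       /* reject before touching memory */
    if (needed > b->size) {
        unsigned int newsize = b->size ? b->size : 16;
        while (newsize < needed) {
            if (newsize > UINT_MAX / 2) { newsize = needed; break; }
            newsize *= 2;                /* cannot wrap: newsize <= UINT_MAX / 2 */
        }
        unsigned char *p = realloc(b->data, newsize);
        if (p == NULL)
            return -1;
        b->data = p; b->size = newsize;
    }
    memcpy(b->data + b->use, src, len);
    b->use += len;
    b->data[b->use] = 0;
    return 0;
}
int main(void) {
    struct toy_buf b = {0};
    return toy_buf_append(&b, "<a/>", 4);
}
```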

Affected Versions

All versions before 2.9.14

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-05-10
