Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Related bugs and status

CVE-2022-40303 (Candidate) is related to these bugs:

Bug #1996494: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)

Summary				In	Importance	Status
	1996494	CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)		libxml2 (Ubuntu)	Undecided	Fix Released

Bug #1999991: [Debian] CVE: CVE-2022-40303: libxml2: leading to a segmentation fault

Summary				In	Importance	Status
	1999991	[Debian] CVE: CVE-2022-40303: libxml2: leading to a segmentation fault		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://gitlab.gnome.o...
MISC: https://gitlab.gnome.o...
CONFIRM: https://security.netap...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
FULLDISC: 20221220 APPLE-SA-2022...
FULLDISC: 20221220 APPLE-SA-2022...
FULLDISC: 20221220 APPLE-SA-2022...
FULLDISC: 20221220 APPLE-SA-2022...
FULLDISC: 20221220 APPLE-SA-2022...