CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile: 76.5%
Integer overflows with XML_PARSE_HUGE (CVE-2022-40303).
Dict corruption caused by entity reference cycles (CVE-2022-40304).
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | libxml2 | < 2.9.10-7.6 | libxml2-2.9.10-7.6.mga8 |
bugs.mageia.org/show_bug.cgi?id=31020
lists.fedoraproject.org/archives/list/[email protected]/thread/MNZAUJGHSPCIYDNVSWTSDYNJMQW7Z2JZ/
lists.opensuse.org/archives/list/[email protected]/thread/GF5AQ5CKRNM4375JOAHV5NMVNYQGEASN/
lists.suse.com/pipermail/sle-security-updates/2022-October/012663.html
www.debian.org/lts/security/2022/dla-3172