libxml2.so is vulnerable to a buffer over-read. The vulnerability is triggered by the xmllint --htmlout command and is located in the xmlHTMLPrintFileContext function within xmllint.c, allowing an attacker to potentially access sensitive information, cause a denial of service or execute arbitrary code.
github.com/GNOME/libxml2/commit/3ad7f81624572ebd5b9e6058c9f67d38207c10e2
gitlab.gnome.org/GNOME/libxml2/-/issues/720
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/