An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
[
{
"cpes": [
"cpe:2.3:a:xmlsoft:xmllint:*:*:*:*:*:*:*:*"
],
"vendor": "xmlsoft",
"product": "xmllint",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.11.8",
"versionType": "custom"
},
{
"status": "affected",
"version": "2.12.0",
"lessThan": "2.12.7",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
gitlab.gnome.org/GNOME/libxml2/-/issues/720
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8
gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/