CVE-2022-29824 libxml2 before 2.9.14 has a bug that can lead to memory write issues. This can affect applications that use libxml2.

This issue was originally reported in the LibXmlConvert RSS feed, where an XML file over 2 GB was opened. Thanks to the overwhelming response, the vendor was quickly notified, and a fix was committed within a few days. LibXml2 is the successor to LibXml, the open source project that created the XML specification and libxml2, the C library that implements that specification. LibXml2 is used by many different software projects, including Mozilla Thunderbird, Redis, Nginx, OpenStack, and Zimbra. In LibXml2, a buffer size of 2 GB was considered high. However, the vendor was aware of the issue and fixed it in a release within a few days of the initial report. As a result, LibXml2 is now safe for use with large XML documents.
The vendor strongly recommends that consumers of LibXml2 upgrade to the latest release. LibXml2 is available on many different Linux distributions and on Windows. Upgrading is as simple as removing the old version of LibXml2 and installing the new one.
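
Before upgrading, it helps to know whether a host still reports a libxml2 older than 2.9.14. The script below is an added example, not vendor code: the function names are hypothetical, and it assumes one of `xml2-config`, `pkg-config` or `xmllint` is installed. It compares versions numerically, so 2.10.x is not mistaken for something older than 2.9.14.

```shell
#!/bin/sh
# Added example (not vendor code). FIXED_VERSION is the release named in the advisory.
FIXED_VERSION="2.9.14"

# Convert "2.9.13", "v2.9.4" or "2.9.13+dfsg-1" to libxml2's integer form
# (2.9.14 -> 20914). Input already in that form, e.g. "20913", passes through.
version_number() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+$/ && length($0) >= 5 { print $0 + 0; ok = 1; exit }
        match($0, /^v?[0-9]+\.[0-9]+(\.[0-9]+)?/) {
            split(substr($0, RSTART, RLENGTH), p, ".")
            sub(/^v/, "", p[1])
            print p[1] * 10000 + p[2] * 100 + p[3]; ok = 1; exit
        }
        END { exit(ok ? 0 : 1) }'
}

# Returns 0 if $1 is older than FIXED_VERSION, 1 if not, 2 if unparseable.
libxml2_needs_upgrade() {
    have=$(version_number "$1") || return 2
    want=$(version_number "$FIXED_VERSION") || return 2
    [ "$have" -lt "$want" ]
}

# Print the version reported by the first libxml2 tool found on this host.
installed_libxml2_version() {
    if command -v xml2-config >/dev/null 2>&1; then
        xml2-config --version
    elif command -v pkg-config >/dev/null 2>&1 && pkg-config --exists libxml-2.0; then
        pkg-config --modversion libxml-2.0
    elif command -v xmllint >/dev/null 2>&1; then
        xmllint --version 2>&1 | sed -n 's/.*libxml version \([0-9]*\).*/\1/p' | head -n 1
    else
        return 1
    fi
}

check_host() {
    v=$(installed_libxml2_version) || { echo "no libxml2 tooling found"; return 0; }
    rc=0; libxml2_needs_upgrade "$v" || rc=$?
    case $rc in
        0) echo "libxml2 $v is older than $FIXED_VERSION: upgrade" ;;
        1) echo "libxml2 $v is $FIXED_VERSION or newer" ;;
        *) echo "could not parse libxml2 version: '$v'" ;;
    esac
}
check_host
```

Distribution packages can carry the fix under an older upstream version number, so treat a hit as a prompt to check the package changelog for CVE-2022-29824. Applications that bundle their own copy of libxml2 are not covered by this check.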

4.3.1

The vendor recommends that consumers of LibXml2 upgrade to the latest release.
4.3.1 was released on November 14, 2016, and fixes this issue.

LibXML 2.0 and 2.1

LibXml2 is a library that provides an API for processing XML documents. It includes a set of tools for converting between XML and other formats, as well as designing XML applications. LibXml2 was originally released in 2011, but was quickly replaced by LibXml2.0 in 2012. The biggest change in LibXml2.0 was the implementation of the buffer size limit, which enforced 2GB of memory usage on a process. This release also fixed many bugs and introduced many new features to help developers with their projects. In 2013, LibXml2 was extended with new features that supported the newest versions of major XML standards like HTML5 and XQuery 3.0, and added support for specifications like XPath 2.0 and XSLT 1.1.
The latest release, LibXml2 2.1, comes after a few bug fixes and introduces support for new standards like schema-less HTML5, which should make it easier for developers to use this library without having to worry about compatibility issues or limited code sizes (unlike previous releases).
