In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
{ "vanir_signatures": [ { "deprecated": false, "digest": { "function_hash": "115263354842861904442748132514723815592", "length": 391.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-07a72990", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferCreateStatic" } }, { "deprecated": false, "digest": { "function_hash": "75850300764543775076996218073100501490", "length": 808.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-10e231d6", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferAdd" } }, { "deprecated": false, "digest": { "function_hash": "58844807220583953519977966836648942135", "length": 1363.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-130e8615", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufGrowInternal" } }, { "deprecated": false, "digest": { "line_hashes": [ "166347249643066493482164082916768196209", "188691293708940955113685691668323440391", "43724771782081554494176458881448300061", "329541917878089861333628355206373841292", "244815610199557116003447537492418988037", "140686149888498718352682001110293928195", "146106074986306830291803050869321938522", "302649483888263188516292074617914907785", "326512487203366469745341770425483579598", "99471222112658515431024737476116654868", "293933881918316690407571828802499261839", "212955913094921663464961580221405480340", "260833132063199916061396082469494631228", "563145196984672289991885340766921694", "32824100409815381084192945656371530291", "314453343157425636086878203536308303906", "698068405543228949315139045334893123", "118600870656940385459781550635123886114", "270340679690179128994753399691279421786", "26183435788473482089393976134697201388", "281004840733422946454406306680650676791", "316561384226399031813268865154692736373", "97992013892078582400544259536764303412", "1162479033526895615173863014037153558", "220050959054061562763313704555696060290", "73077681559562273397128705154712592178", "229734987643969586507802206212902560208", "321146100040694750670569673842329245472", "259003298076650343194221306781819630314", "208963989065717115771997796521043825385", "69826210049579911544261058946047890233", "252712773309582500429394977391673631876", "162111704932719766527778773124917140644", "28330267585813390556621014933110114238", "184252951234454387491372882751654158787", "101524419926075112169819048536445279992", "222856578673771745252375797198236860644", "42367945794127130229185010334900532173", "168007625913870093211297660968928319053", "129140094033548486519772814962332421811", "197643393352493719603368801258740728242", "148426172950277016519704492366555268245", "9017577952774986457994686053509708575", "120128024476881717726868872398102789021", "162111704932719766527778773124917140644", "28330267585813390556621014933110114238", "128706768146980684009727114754490936966", "282050926116276813422971100562048838966", "185733559129862549706259877960102410911", "257651541500714394835884747665347804718", "314005034077235630998938419332007116091", "223046297467060732280273520612925907729", "9373473082227868337552830985122564197", "246691431004006287082185432655182933721", "125494467620307806474896423774992127073", "155112725940892278797289588648459173779", "290488032303260205569689376411713020503", "93692528096573125077453216197077753382", "162531107462827733444482690548862474293", "320146427403264049983109414849766355169", "41093209398700043461113339669438079716", "248806804675953686317307435715043387525", "124839663049236222337804488516657719906", "281422489119680409661308498832714722939", "317525451668299360050946602638864595270", "76004674246076111263504267445220465515", "333080562611234356508294531428907257609", "183856726123885176230034482489754910788", "121276464953041064409130541449682558256", "262457651961160871347649868297942569406", "204554871039360322594254126051197287412", "59678033486978346872430658989464860271", "70158614366306747252773121205281701501", "267871884567140900541406032970430679572", "210868542731533088872037717853278212299", "54321272015591656966183131510267039353", "300636302051406341579809817970758465970", "114307351633580109942508704785606142065", "149556561804967540010889167666222635", "126102627799916820003257174205859902326", "238433400840669369277909221182332471064", "74789413078866356061854028644903100361", "196541913226344732177528816320018744850", "86953962388419755172552221437460305272", "152325669878287980676385337838366917807", "203014656296905257722134362817778307954" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Line", "id": "CVE-2022-29824-2030b6a2", "signature_version": "v1", "target": { "file": "buf.c" } }, { "deprecated": false, "digest": { "function_hash": "279040109283899741761505529617154937844", "length": 696.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-28c9e8a7", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufCCat" } }, { "deprecated": false, "digest": { "function_hash": "135818614898132221850781778317523237741", "length": 2135.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-2ed41fe7", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufResize" } }, { "deprecated": false, "digest": { "function_hash": "329490277066729456665976458093342219236", "length": 1943.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-46619c61", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferResize" } }, { "deprecated": false, "digest": { "line_hashes": [ "89234444919432577874083340679230379303", "102916874051844224561382165713321585742", "77444374321772040333229124462046667657", "51594386084393692917076001511541815740", "59463072141900048719177539730091171494", "108689423914536070173501179218123167571", "73257213247763993533496237851287787992", "319179439162218741642968220270175076963", "75410353055119966637611836347710837355", "195511418702759558878519149258289724254", "156032590481637546762781245566563834651", "320854918323617311581622545899598404078", "91349951261779144057279149319065410150", "158663398050629213416691233929022609351", "148208200016623134163652184959082611648", "293471043524232641750950816227232367738", "237412170703058195350751846044492179660", "224278012244390325805897710119544925701", "34745244652274053591183604041289994350", "271125935585698496011359420417760673031", "157451063679879768666014837875398662660", "270340679690179128994753399691279421786", "26183435788473482089393976134697201388", "281004840733422946454406306680650676791", "213240285820731737198688037196362571039", "59447953445665394779946557712932618998", "59048698281438307454149500192640077533", "253076007439031769530591964494115411109", "98849895861139007217499264803420916664", "15872212956386959690716862749437419510", "190918742952094896940725673912074466236", "184252951234454387491372882751654158787", "101524419926075112169819048536445279992", "222856578673771745252375797198236860644", "42367945794127130229185010334900532173", "128706768146980684009727114754490936966", "282050926116276813422971100562048838966", "185733559129862549706259877960102410911", "257651541500714394835884747665347804718", "125494467620307806474896423774992127073", "155112725940892278797289588648459173779", "144107424695018227823174500641865694158", "329658310824477512673917223479332350792", "253501362365362261838178308390829863618", "56678892274578363022038299279641037568", "296564371763363186997734581759769504997", "256596168500450307178183219637948857331", "175564203452412318719901373700835126771", "259176317066360743309834788194017659032", "93659423589605830448113090747279768550", "333080562611234356508294531428907257609", "200850415624474903331792716066178925196", "154261872677536038005339415136814693187", "173812770167697501499373364699710906939", "261942566178772813330835626491318086275", "59678033486978346872430658989464860271", "70158614366306747252773121205281701501", "99141068507978896108147016306824284849", "155219244607257420645989994945934079615", "196162282640393496862882995582389352198", "42683212875386056739784628071452822463", "333481168434121518198938619946845139099", "149556561804967540010889167666222635", "126102627799916820003257174205859902326", "238433400840669369277909221182332471064", "40321965259728005660230012201413574805", "306161785279082629334097815571393141949", "340162154322791126391395525942509696843", "338612865929265833821176240781639632750" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Line", "id": "CVE-2022-29824-5a249cd2", "signature_version": "v1", "target": { "file": "tree.c" } }, { "deprecated": false, "digest": { "function_hash": "58844807220583953519977966836648942135", "length": 1363.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-625a6cd9", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufGrowInternal" } }, { "deprecated": false, "digest": { "function_hash": "329490277066729456665976458093342219236", "length": 1943.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-625bd4ae", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferResize" } }, { "deprecated": false, "digest": { "function_hash": "228242378662408118440566631650494500046", "length": 573.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-72f67acb", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferCreateSize" } }, { "deprecated": false, "digest": { "function_hash": "228242378662408118440566631650494500046", "length": 573.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-732cd543", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferCreateSize" } }, { "deprecated": false, "digest": { "function_hash": "279040109283899741761505529617154937844", "length": 696.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-79850ecb", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufCCat" } }, { "deprecated": false, "digest": { "function_hash": "149293193283032866651839431809006417940", "length": 618.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-7b6b880f", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferCCat" } }, { "deprecated": false, "digest": { "function_hash": "326780113895743950529385541417657705895", "length": 953.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-7ea5224d", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferGrow" } }, { "deprecated": false, "digest": { "function_hash": "149293193283032866651839431809006417940", "length": 618.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-819588e8", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferCCat" } }, { "deprecated": false, "digest": { "function_hash": "32699890931358648660868097432135180665", "length": 644.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-88c4fd17", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufCreateSize" } }, { "deprecated": false, "digest": { "function_hash": "128747764254328465175297106964046518678", "length": 1042.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-93722ae4", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufAdd" } }, { "deprecated": false, "digest": { "function_hash": "115263354842861904442748132514723815592", "length": 391.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-a0a69c85", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferCreateStatic" } }, { "deprecated": false, "digest": { "function_hash": "326780113895743950529385541417657705895", "length": 953.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-b399b8a6", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferGrow" } }, { "deprecated": false, "digest": { "line_hashes": [ "166347249643066493482164082916768196209", "188691293708940955113685691668323440391", "43724771782081554494176458881448300061", "329541917878089861333628355206373841292", "244815610199557116003447537492418988037", "140686149888498718352682001110293928195", "146106074986306830291803050869321938522", "304819344165435105038768376251470155683", "104375008876174573249014515538275853471", "179362841185435024797489298248640554731", "212955913094921663464961580221405480340", "260833132063199916061396082469494631228", "563145196984672289991885340766921694", "32824100409815381084192945656371530291", "314453343157425636086878203536308303906", "698068405543228949315139045334893123", "118600870656940385459781550635123886114", "270340679690179128994753399691279421786", "26183435788473482089393976134697201388", "281004840733422946454406306680650676791", "316561384226399031813268865154692736373", "97992013892078582400544259536764303412", "1162479033526895615173863014037153558", "220050959054061562763313704555696060290", "73077681559562273397128705154712592178", "229734987643969586507802206212902560208", "321146100040694750670569673842329245472", "259003298076650343194221306781819630314", "208963989065717115771997796521043825385", "69826210049579911544261058946047890233", "252712773309582500429394977391673631876", "162111704932719766527778773124917140644", "28330267585813390556621014933110114238", "184252951234454387491372882751654158787", "101524419926075112169819048536445279992", "222856578673771745252375797198236860644", "42367945794127130229185010334900532173", "168007625913870093211297660968928319053", "129140094033548486519772814962332421811", "197643393352493719603368801258740728242", "148426172950277016519704492366555268245", "9017577952774986457994686053509708575", "120128024476881717726868872398102789021", "162111704932719766527778773124917140644", "28330267585813390556621014933110114238", "128706768146980684009727114754490936966", "282050926116276813422971100562048838966", "185733559129862549706259877960102410911", "257651541500714394835884747665347804718", "314005034077235630998938419332007116091", "223046297467060732280273520612925907729", "9373473082227868337552830985122564197", "246691431004006287082185432655182933721", "125494467620307806474896423774992127073", "155112725940892278797289588648459173779", "290488032303260205569689376411713020503", "93692528096573125077453216197077753382", "162531107462827733444482690548862474293", "320146427403264049983109414849766355169", "41093209398700043461113339669438079716", "248806804675953686317307435715043387525", "124839663049236222337804488516657719906", "281422489119680409661308498832714722939", "317525451668299360050946602638864595270", "76004674246076111263504267445220465515", "333080562611234356508294531428907257609", "183856726123885176230034482489754910788", "121276464953041064409130541449682558256", "262457651961160871347649868297942569406", "204554871039360322594254126051197287412", "59678033486978346872430658989464860271", "70158614366306747252773121205281701501", "267871884567140900541406032970430679572", "210868542731533088872037717853278212299", "54321272015591656966183131510267039353", "300636302051406341579809817970758465970", "114307351633580109942508704785606142065", "149556561804967540010889167666222635", "126102627799916820003257174205859902326", "238433400840669369277909221182332471064", "74789413078866356061854028644903100361", "196541913226344732177528816320018744850", "86953962388419755172552221437460305272", "152325669878287980676385337838366917807", "203014656296905257722134362817778307954" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Line", "id": "CVE-2022-29824-cba6cf2b", "signature_version": "v1", "target": { "file": "buf.c" } }, { "deprecated": false, "digest": { "line_hashes": [ "89234444919432577874083340679230379303", "102916874051844224561382165713321585742", "77444374321772040333229124462046667657", "51594386084393692917076001511541815740", "59463072141900048719177539730091171494", "108689423914536070173501179218123167571", "73257213247763993533496237851287787992", "319179439162218741642968220270175076963", "75410353055119966637611836347710837355", "195511418702759558878519149258289724254", "156032590481637546762781245566563834651", "320854918323617311581622545899598404078", "91349951261779144057279149319065410150", "158663398050629213416691233929022609351", "148208200016623134163652184959082611648", "293471043524232641750950816227232367738", "237412170703058195350751846044492179660", "224278012244390325805897710119544925701", "34745244652274053591183604041289994350", "271125935585698496011359420417760673031", "157451063679879768666014837875398662660", "270340679690179128994753399691279421786", "26183435788473482089393976134697201388", "281004840733422946454406306680650676791", "213240285820731737198688037196362571039", "59447953445665394779946557712932618998", "59048698281438307454149500192640077533", "253076007439031769530591964494115411109", "98849895861139007217499264803420916664", "15872212956386959690716862749437419510", "190918742952094896940725673912074466236", "184252951234454387491372882751654158787", "101524419926075112169819048536445279992", "222856578673771745252375797198236860644", "42367945794127130229185010334900532173", "128706768146980684009727114754490936966", "282050926116276813422971100562048838966", "185733559129862549706259877960102410911", "257651541500714394835884747665347804718", "125494467620307806474896423774992127073", "155112725940892278797289588648459173779", "144107424695018227823174500641865694158", "329658310824477512673917223479332350792", "253501362365362261838178308390829863618", "56678892274578363022038299279641037568", "296564371763363186997734581759769504997", "256596168500450307178183219637948857331", "175564203452412318719901373700835126771", "259176317066360743309834788194017659032", "93659423589605830448113090747279768550", "333080562611234356508294531428907257609", "200850415624474903331792716066178925196", "154261872677536038005339415136814693187", "173812770167697501499373364699710906939", "261942566178772813330835626491318086275", "59678033486978346872430658989464860271", "70158614366306747252773121205281701501", "99141068507978896108147016306824284849", "155219244607257420645989994945934079615", "196162282640393496862882995582389352198", "42683212875386056739784628071452822463", "333481168434121518198938619946845139099", "149556561804967540010889167666222635", "126102627799916820003257174205859902326", "238433400840669369277909221182332471064", "40321965259728005660230012201413574805", "306161785279082629334097815571393141949", "340162154322791126391395525942509696843", "338612865929265833821176240781639632750" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Line", "id": "CVE-2022-29824-d9730754", "signature_version": "v1", "target": { "file": "tree.c" } }, { "deprecated": false, "digest": { "function_hash": "75850300764543775076996218073100501490", "length": 808.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-e34d3b20", "signature_version": "v1", "target": { "file": "tree.c", "function": "xmlBufferAdd" } }, { "deprecated": false, "digest": { "function_hash": "128747764254328465175297106964046518678", "length": 1042.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-e9c47194", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufAdd" } }, { "deprecated": false, "digest": { "function_hash": "135818614898132221850781778317523237741", "length": 2135.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@6c283d83eccd940bcde15634ac8c7f100e3caefd", "signature_type": "Function", "id": "CVE-2022-29824-eeb2365d", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufResize" } }, { "deprecated": false, "digest": { "function_hash": "242532867002527404152383095403649546609", "length": 695.0 }, "source": "https://gitlab.gnome.org/GNOME/libxml2@2554a2408e09f13652049e5ffb0d26196b02ebab", "signature_type": "Function", "id": "CVE-2022-29824-fca2f583", "signature_version": "v1", "target": { "file": "buf.c", "function": "xmlBufCreateSize" } } ] }