CVE-2024-34459

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

References

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type

GIT

Repo

https://github.com/gnome/libxml2

Events

Introduced

Fixed

58a973c40ba927e5ad941789723da7c47a2d60e3

Introduced

5e9b167dce73bd6a804ab107ae4c4b95e6849597

Fixed

0b6d8130737125ba45981d54be7f15fe398ad2e0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.11.8"
        },
        {
            "introduced": "2.12.0"
        },
        {
            "fixed": "2.12.7"
        }
    ]
}

Affected versions

v2.*

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.12.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34459.json"