Wind River Support Network

HomeDefectsLIN1021-3482
Fixed

LIN1021-3482 : Security Advisory - libxml2 - CVE-2022-29824

Created: May 4, 2022    Updated: Mar 13, 2025
Resolved Date: Jun 9, 2022
Found In Version: 10.21.20.1
Fix Version: 10.21.20.13
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

CREATE(Triage):(User=admin) CVE-2022-29824 (https://nvd.nist.gov/vuln/detail/CVE-2022-29824)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube