VYPR

apk package

wolfi/libxml2

pkg:apk/wolfi/libxml2

Vulnerabilities (3)

  • CVE-2023-45322Oct 6, 2023
    affected < 2.11.5-r1fixed 2.11.5-r1

    libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically ca

  • CVE-2022-40304Nov 23, 2022
    affected < 0fixed 0

    An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

  • CVE-2022-40303Nov 22, 2022
    affected < 0fixed 0

    An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmen