cve/2022/CVE-2022-40304.md

CVE-2022-40304

Description

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

POC

Reference

• http://seclists.org/fulldisclosure/2022/Dec/21
• http://seclists.org/fulldisclosure/2022/Dec/24
• http://seclists.org/fulldisclosure/2022/Dec/25
• http://seclists.org/fulldisclosure/2022/Dec/26

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/seal-community/patches