cve/2022/CVE-2022-40303.md

CVE-2022-40303

Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

POC

Reference

• http://seclists.org/fulldisclosure/2022/Dec/21
• http://seclists.org/fulldisclosure/2022/Dec/24
• http://seclists.org/fulldisclosure/2022/Dec/25
• http://seclists.org/fulldisclosure/2022/Dec/26

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/seal-community/patches