CVE-2022-40303 Information

Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset typically leading to a segmentation fault.

Reference

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3