CVE-2024-34459
Publication date 14 May 2024
Last updated 24 July 2024
Ubuntu priority
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
Read the notes from the security team
Why is this CVE low priority?
just a crash in a command line tool
Status
Package | Ubuntu Release | Status |
---|---|---|
libxml2 | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of ESM support, was needs-triage |
Notes
mdeslaur
this is just a crash via OOB read in a the command-line xmllint tool, there is very little security impact here