CVE-2022-40303

Updated: 2025-08-20 00:17:02.473874

Description:

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU libxml2 2.9.13 7.5 HIGH Already Fixed 2023-11-08 08:35:55
CentOS 6 ELS libxml2 2.7.6 7.5 HIGH Released CLSA-2022:1670521677 2022-12-29 19:54:14
CentOS 7 ELS libxml2 2.9.1 7.5 HIGH Released CLSA-2023:1696537106 2023-10-05 17:08:30
CentOS 8.4 ELS libxml2 2.9.7-9 7.5 HIGH Released CLSA-2022:1670523403 2022-12-08 16:03:16
CentOS 8.5 ELS libxml2 2.9.7-9 7.5 HIGH Released CLSA-2022:1670523520 2022-12-08 16:03:16
CloudLinux 6 ELS libxml2 2.7.6 7.5 HIGH Released CLSA-2022:1670522760 2022-12-29 19:54:13
Debian 10 ELS libxml2 2.9.4 7.5 HIGH Already Fixed 2025-10-23 15:01:31
Oracle Linux 6 ELS libxml2 2.7.6 7.5 HIGH Released CLSA-2022:1670522857 2022-12-08 16:03:16
Ubuntu 16.04 ELS libxml2 2.9.3 7.5 HIGH Released CLSA-2022:1670518262 2022-12-08 13:03:20
Ubuntu 18.04 ELS libxml2 2.9.4 7.5 HIGH Already Fixed 2023-06-02 09:09:52