OSV-2024-634

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libxml2/OSV-2024-634.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-634

Published

2024-07-13T00:03:44.049545Z

Modified

2024-07-13T00:03:44.049863Z

Summary

Heap-buffer-overflow in htmlCurrentChar

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70297

Crash type: Heap-buffer-overflow READ 1
Crash state:
htmlCurrentChar
htmlParseCharData
htmlParseContentInternal

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70297

Affected packages

OSS-Fuzz / libxml2

Package

Name: libxml2
Purl: pkg:generic/libxml2

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2.git
Events: Introduced

da68639926eaf0010488450e99d7d6e8a011c591

Fixed

aa6aec19b094bb26e75c6582de2d429a8e134688

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "f51ad063a7fe01596745a6f330abf0f7991145c3:f48eefe3d0b5d82d46576f45a72b420568f5bc97",
    "fixed_range": "8af55c8d207134689b9f99ece45a8cdd525f7c4f:aa6aec19b094bb26e75c6582de2d429a8e134688"
}