Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 842261 (CVE-2022-29824) - <dev-libs/libxml2-2.9.14: Integer overflows in xmlBuf and xmlBuffer
Summary: <dev-libs/libxml2-2.9.14: Integer overflows in xmlBuf and xmlBuffer
Alias: CVE-2022-29824
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa? cleanup]
Depends on: 842297 847127
  Show dependency tree
Reported: 2022-05-03 00:23 UTC by Sam James
Modified: 2022-05-28 04:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-05-03 00:23:06 UTC

In several places, the code handling string buffers didn't check for
integer overflow or used wrong types for buffer sizes. This could
result in out-of-bounds writes or other memory errors when working on
large, multi-gigabyte buffers.

Thanks to Felix Wilhelm for the report.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-03 00:50:06 UTC
The bug has been referenced in the following commit(s):

commit 8bbbe5e4ec96f6c8b2d2858f9c23fa8a24a797f2
Author:     Sam James <>
AuthorDate: 2022-05-03 00:38:04 +0000
Commit:     Sam James <>
CommitDate: 2022-05-03 00:39:01 +0000

    dev-libs/libxml2: add 2.9.14
    Signed-off-by: Sam James <>

 dev-libs/libxml2/Manifest                          |   1 +
 .../files/libxml2-2.9.13-testapi-missing-xml.patch |   9 -
 .../files/libxml2-2.9.8-out-of-tree-test.patch     |  31 ++++
 dev-libs/libxml2/libxml2-2.9.14.ebuild             | 193 +++++++++++++++++++++
 dev-libs/libxml2/libxml2-9999.ebuild               |  51 +++---
 5 files changed, 255 insertions(+), 30 deletions(-)