Bug 2280532 (CVE-2024-34459)

Summary: CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
Product: [Other] Security Response
Reporter: Rohit Keshri <rkeshri>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: agarcial, aoconnor, aprice, asegurap, bdettelb, caswilli, csutherl, dfreiber, dkuc, drow, fjansen, gsuckevi, hkataria, jburrell, jclere, jmitchel, jsamir, jsherril, jtanner, kaycoth, kholdawa, kshier, luizcosta, mpierce, nweather, oezr, orabin, pjindal, plodge, psegedy, sidakwo, stcannon, sthirugn, szappis, vkrizan, vkumar, vmugicag, xiaoxwan, yguenane, zzhou
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: libxml2 2.11.8, libxml2 2.12.7
Doc Text:
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.
Bug Depends On: 2280534, 2280535, 2280536, 2280537, 2280538, 2280539    
Bug Blocks: 2280533    

Description Rohit Keshri 2024-05-15 05:53:07 UTC
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/720

Upstream patches:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/3ad7f81624572ebd5b9e6058c9f67d38207c10e2
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce
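
A check of a local xmllint against the affected ranges given in the description, added here as an example; it is not part of the original report or of libxml2. It assumes the `xmllint --version` banner reads "using libxml version NNNNN"; the function names are illustrative and the sample banners are constructed.

```python
import re
import subprocess

# Fixed releases named in this bug: 2.11.8 and 2.12.7.
FIXED_2_11 = (2, 11, 8)
FIXED_2_12 = (2, 12, 7)

def parse_banner(banner):
    """Return (major, minor, micro) from `xmllint --version` output.

    The banner carries the version as one integer,
    major*10000 + minor*100 + micro, sometimes with a "-GIT..." suffix.
    """
    m = re.search(r"using libxml version (\d{5,})", banner)
    if not m:
        raise ValueError("no libxml version found in banner")
    n = int(m.group(1))
    return (n // 10000, (n // 100) % 100, n % 100)

def is_affected(version):
    """True when the upstream version is in the ranges the bug lists.

    A distribution build may carry the fix as a backported patch without
    changing this number, so True means "check the package changelog".
    """
    if version[:2] == (2, 12):
        return version < FIXED_2_12      # 2.12.x before 2.12.7
    return version < FIXED_2_11          # anything before 2.11.8

def check_local_xmllint(path="xmllint"):
    """Run the local binary (the banner goes to stderr) and classify it."""
    out = subprocess.run([path, "--version"], capture_output=True, text=True)
    version = parse_banner(out.stderr + out.stdout)
    return version, is_affected(version)

# Constructed sample banners, not captured from real systems.
SAMPLES = [
    "xmllint: using libxml version 20914-GITv2.9.14\n   compiled with: Tree",
    "xmllint: using libxml version 21206\n   compiled with: Threads Tree",
    "xmllint: using libxml version 21207\n   compiled with: Threads Tree",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        v = parse_banner(banner)
        state = "affected" if is_affected(v) else "fixed"
        print(".".join(map(str, v)), state)
```
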

Comment 1 Rohit Keshri 2024-05-15 06:01:56 UTC
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 2280539]


Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 2280535]


Created pcem tracking bugs for this issue:

Affects: fedora-all [bug 2280536]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2280534]
Affects: fedora-all [bug 2280537]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2280538]