CVE-2024-34459

Published: May 14, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

Affected (2)

Products: Xmlsoft: Libxml2

Xmlsoft

1 product

Libxml2

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxml2	Before 2.11.8
Xmlsoft Libxml2	From 2.12.0 to 2.12.7

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (16)

https://gitlab.gnome.org/GNOME/libxml2/-/issues/720

Source: cve@mitre.org

ExploitIssue Tracking

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

Source: cve@mitre.org

Release Notes

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

Source: cve@mitre.org

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/issues/720