CVE-2024-34459

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.11.8 libxml2 versions 2.12.x prior to 2.12.7

Description An issue was discovered in xmllint, which is part of libxml2. The problem arises when formatting error messages with xmllint --htmlout, resulting in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. This can potentially lead to a denial of service.

Recommendations For libxml2 versions prior to 2.11.8, update to version 2.11.8 or later. For libxml2 versions 2.12.x prior to 2.12.7, update to version 2.12.7 or later. As a temporary workaround, consider avoiding the use of xmllint --htmlout until a patch is applied.

Exploit

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALT-PU-2024-8098

ALT-PU-2025-3717

AZL-42019

AZL-42027

CVE-2024-34459

DLA-4251-1

DSA-5949-1

ECHO-8B77-066D-6B10

MGASA-2024-0211

OESA-2024-1641

OPENSUSE-SU-2024:13971-1

OPENSUSE-SU-2024_2267-1

OPENSUSE-SU-2024_2279-1

OPENSUSE-SU-2024_2290-1

SUSE-SU-2024:2267-1

SUSE-SU-2024:2279-1

SUSE-SU-2024:2288-1

SUSE-SU-2024:2290-1

SUSE-SU-2024_2288-1

SUSE-SU-2024_2290-1

SUSE-SU-2025:20043-1

USN-7240-1

USN-7302-1

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Libxml2

CVE-2024-34459

Weakness Enumeration

Related Identifiers

Affected Products

References · 56