Felix Wilhelm reported that several buffer handling functions in libxml2, a library providing support to read, modify and write XML and HTML files, don't check for integer overflows, resulting in out-of-bounds memory writes if specially crafted, multi-gigabyte XML files are processed. An attacker can take advantage of this flaw for denial of service or execution of arbitrary code.
Continue reading...
Continue reading...