CVE-2024-34459
Published May 13, 2024
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
Affected Software
9 affected components · Fixes available
Libxml2 xmllint < 2.11.8
Libxml2 xmllint > 2.12.0, < 2.12.7
debian/libxml2 <= 2.9.10+dfsg-6.7+deb11u4, <= 2.9.10+dfsg-6.7+deb11u6, <= 2.9.14+dfsg-1.3~deb12u1, <= 2.12.7+dfsg+really2.9.14-0.2, <= 2.12.7+dfsg+really2.9.14-0.3
Xmlsoft Libxml2 < 2.11.8
Xmlsoft Libxml2 >= 2.12.0, < 2.12.7
Microsoft azl3 libxml2 2.11.5-5
Microsoft cbl2 libxml2 2.10.4-6
Microsoft azl3 libxml2 2.11.5-3
Microsoft cbl2 libxml2 2.10.4-3
Event History
May 13, 2024
  CVE Published via MITRE, 12:00 AM
  Data Sourced via MITRE, 12:00 AM: Description
May 14, 2024
  Data Sourced via NVD, 03:39 PM: Description, Severity, Weakness
  Data Sourced via NVD, 03:39 PM: Affected Software
May 17, 2024
  Data Sourced via Microsoft, 07:00 AM: Description, Severity, Weakness
  Data Sourced via Microsoft, 07:00 AM: Affected Software
  Updated via Microsoft, 07:00 AM: Description, Severity
Jan 29, 2025
  Data Sourced via Launchpad, 08:26 PM: Description
Feb 25, 2025
  Data Sourced via Ubuntu, 11:59 PM: Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-34459?
CVE-2024-34459 is classified as a moderate severity vulnerability due to the potential for buffer over-read errors.
2. How do I fix CVE-2024-34459?
To fix CVE-2024-34459, upgrade xmllint to version 2.11.8 or 2.12.7 or later.
3. Which versions of xmllint are affected by CVE-2024-34459?
CVE-2024-34459 affects xmllint versions earlier than 2.11.8 and versions between 2.12.0 and 2.12.6.
4. What kind of issue does CVE-2024-34459 represent?
CVE-2024-34459 represents a buffer over-read vulnerability that affects the formatting of error messages.
5. Is there a known exploit for CVE-2024-34459?
As of now, there are no publicly reported exploits specifically targeting CVE-2024-34459.