CVE-2022-40303

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-190
View all →

Vulnerability Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Related Vulnerabilities

CVE-2011-1298

HIGH
CVSS:7.5(High)

An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

CWE-1902011

CVE-2012-1610

HIGH
CVSS:7.5(High)

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component coun...

CWE-1902012

CVE-2013-2806

HIGH
CVSS:7.5(High)

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic...

CWE-1902013

CVE-2013-2807

HIGH
CVSS:7.5(High)

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic...

CWE-1902013

CVE-2015-1529

HIGH
CVSS:7.5(High)

Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors.

CWE-1902015

CVE-2015-7848

HIGH
CVSS:7.5(High)

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct ...

CWE-1902015