| Package | libxml2 |
|---|---|
| Version | 2.9.1+dfsg1-5+deb8u13 |
| Related CVEs | CVE-2022-29824 |
Felix Wilhelm discovered that libxml2, the GNOME XML library, did not correctly check for integer overflows or used wrong types for buffer sizes. This could result in out-of-bounds writes or other memory errors when working on large, multi-gigabyte buffers.
For Debian 8 jessie, these problems have been fixed in version 2.9.1+dfsg1-5+deb8u13.
We recommend that you upgrade your libxml2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.