Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don't check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.

For the oldstable distribution (buster), this problem has been fixed
in version 2.9.4+dfsg1-7+deb10u4.

For the stable distribution (bullseye), this problem has been fixed in

We recommend that you upgrade your libxml2 packages.
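
The bug class described above, an integer overflow in a buffer size computation, shown as an added C example that is not libxml2's code and not part of the advisory. The names buf_t, needed_unchecked, needed_checked and buf_append are hypothetical, and the near-2 GiB buffer state is constructed rather than allocated.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer with int-sized fields (illustration only). */
typedef struct { char *data; int use; int size; } buf_t;

/* Flawed pattern: the sum wraps once use + len + 1 exceeds INT_MAX.
 * Unsigned arithmetic is used so the wrap is observable without UB. */
int needed_unchecked(int use, int len) {
    return (int)((unsigned)use + (unsigned)len + 1u);
}

/* Checked pattern: 0 and *out on success, -1 if the size is unrepresentable. */
int needed_checked(int use, int len, int *out) {
    if (use < 0 || len < 0 || len > INT_MAX - 1 - use)
        return -1;
    *out = use + len + 1;          /* +1 for the terminating NUL */
    return 0;
}

/* Append len bytes, growing the allocation; refuses sizes that would wrap. */
int buf_append(buf_t *b, const char *src, int len) {
    int need;
    if (b == NULL || src == NULL || needed_checked(b->use, len, &need) != 0)
        return -1;
    if (need > b->size) {
        int newsize = b->size > 0 ? b->size : 16;
        while (newsize < need)     /* double, clamping instead of wrapping */
            newsize = (newsize > INT_MAX / 2) ? INT_MAX : newsize * 2;
        char *p = realloc(b->data, (size_t)newsize);
        if (p == NULL)
            return -1;
        b->data = p;
        b->size = newsize;
    }
    memcpy(b->data + b->use, src, (size_t)len);
    b->use += len;
    b->data[b->use] = '\0';
    return 0;
}

int main(void) {
    /* Constructed state: a buffer that already accounts for ~2 GiB. */
    buf_t big = { NULL, INT_MAX - 10, INT_MAX - 5 };
    printf("unchecked size: %d\n", needed_unchecked(big.use, 100));
    printf("checked append: %d\n", buf_append(&big, "x", 100));
    return 0;
}
```

With the unchecked computation the required size comes out negative, so a "does it fit?" comparison passes and the copy writes past the allocation; the checked version rejects the append before any memory is touched.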