HCE2-SA-2024-0162 Important HCE 2.0 Security Fix(es): In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don_x27;t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2_x27;s buffer functions, for example libxslt through 1.1.35, is affected as well. (CVE-2022-29824) An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303) An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. (CVE-2024-34459) An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304) HCE 2.0 libxml2-2.9.12-5.r29.hce2.aarch64.rpm libxml2-devel-2.9.12-5.r29.hce2.aarch64.rpm libxml2-help-2.9.12-5.r29.hce2.noarch.rpm python3-libxml2-2.9.12-5.r29.hce2.aarch64.rpm libxml2-2.9.12-5.r29.hce2.x86_64.rpm libxml2-devel-2.9.12-5.r29.hce2.x86_64.rpm python3-libxml2-2.9.12-5.r29.hce2.x86_64.rpm