{"id":"CVE-2022-40304","details":"An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.","modified":"2026-06-01T08:07:09.816522Z","published":"2022-11-23T00:00:00Z","related":["ALSA-2023:0173","ALSA-2023:0338","CGA-m6vr-gjjq-xqp7","SUSE-SU-2022:3692-1","SUSE-SU-2022:3717-1","SUSE-SU-2022:3871-1","openSUSE-SU-2024:12419-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/40xxx/CVE-2022-40304.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags"},{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"},{"type":"WEB","url":"https://support.apple.com/kb/HT213531"},{"type":"WEB","url":"https://support.apple.com/kb/HT213533"},{"type":"WEB","url":"https://support.apple.com/kb/HT213534"},{"type":"WEB","url":"https://support.apple.com/kb/HT213535"},{"type":"WEB","url":"https://support.apple.com/kb/HT213536"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/40xxx/CVE-2022-40304.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40304"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221209-0003/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Dec/24"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Dec/25"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Dec/27"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/libxml2","events":[{"introduced":"0"},{"fixed":"f507d167f1755b7eaea09fb1a44d29aab828b6d1"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"2.10.3"}],"cpe":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"}}],"versions":["v2.10.2","v2.10.1","v2.10.0","v2.9.13","v2.9.12","v2.9.11","CVE-2021-3541","v2.9.10","v2.9.10-rc1","v2.9.9","v2.9.9-rc2","v2.9.9-rc1","v2.9.8","v2.9.8-rc1","v2.9.7","v2.9.7-rc1","v2.9.6","v2.9.6-rc1","v2.9.5","v2.9.5-rc2","v2.9.5-rc1","v2.9.4","CVE-2016-3627","CVE-2016-1833","CVE-2016-1835","CVE-2016-1837","CVE-2016-1836","CVE-2016-1839","CVE-2016-1838","CVE-2016-1840","CVE-2016-4449","CVE-2016-4483","CVE-2016-1834","CVE-2016-3705","v2.9.4-rc2","v2.9.4-rc1","CVE-2016-1762","v2.9.3","CVE-2015-8242","CVE-2015-7500","CVE-2015-7499-2","CVE-2015-7499-1","CVE-2015-5312","CVE-2015-7497","CVE-2015-7498","CVE-2015-8035","CVE-2015-7942-2","CVE-2015-7942","CVE-2015-8317","CVE-2015-1819","CVE-2015-7941_2","CVE-2015-7941_1","v2.9.2","CVE-2014-3660","v2.9.2-rc2","v2.9.2-rc1","CVE-2014-0191","v2.9.1","CVE-2013-2877","v2.9.0","v2.9.0-rc2","v2.8.0","v2.8.0-rc2","v2.8.0-rc1","v2.7.8","v2.7.7","v2.7.6","v2.7.5","v2.7.4","LIBXML2.7.3","LIBXML2.7.2","LIBXML2.7.1","LIBXML2.7.0","LIBXML2.6.32","LIBXML2_2_6_28","LIBXML2_2_6_27","LIBXML2_2_6_26","LIBXML2_2_6_24","LIBXML2_2_6_23","LIBXML2_2_6_22","LIBXML2_2_6_21","LIBXML2_2_6_20","LIBXML2_2_6_19","LIBXML2_2_6_18","LIBXML2_2_6_16","LIBXML2_2_6_15","LIBXML2_2_6_14","LIBXML2_2_6_13","LIBXML2_2_6_12","LIBXML2_2_6_11","LIBXML_2_6_10","LIBXML2_2_6_9","LIBXML2_2_6_8","LIBXML2_2_6_7","LIBXML2_2_6_6","LIBXML2_2_6_5","LIBXML2_2_6_4","LIBXML2_2_6_3","LIBXML2_2_6_2","LIBXML2_2_6_1","LIBXML2_6_0","LIBXML2_2_5_x","LIBXML2_2_5_10","LIBXML2_2_5_9","LIBXML2_2_5_8","LIBXML2_2_5_7","LIBXML_2_5_6","LIBXML_2_5_5","LIBXML_2_5_4","LIBXML_2_5_3","LIBXML_2_5_2","LIBXML_2_5_1","LIBXML2_2_5_0","LIBXML_2_4_30","LIBXML_2_4_29","LIBXML_2_4_27","LIBXML_2_4_26","LIBXML_2_4_25","LIBXML_2_4_24","LIBXML_2_4_23","LIBXML_2_4_22","LIBXML2_2_4_21","LIBXML_2_4_20","LIBXML_2_4_18","LIBXML_2_4_13","LIBXML_2_4_16","LIBXML_2_4_14","LIBXML_2_4_12","LIBXML_2_4_11","LIBXML_2_4_7","LIBXML_2_4_6","LIBXML_2_4_4","LIBXML_2_4_3","LIBXML_2_4_2","LIBXML_2_4_0","LIBXML_2_3_14","LIBXML_2_3_13","LIBXML_2_3_12","LIBXML_2_3_11","LIBXML_2_3_10","LIBXML_2_3_9","LIBXML_2_3_8","help","LIBXML_2_3_7","LIBXML_2_3_6","LIBXML_2_3_5","LIBXML_2_3_4","LIBXML_2_3_3","LIBXML_2_3_2","PRE_MUCKUP3","PRE_MUCKUP2","PRE_MUCKUP","LIBXML_2_3_0","LIBXML_2_2_8","LIBXML_2_2_7","LIBXML_2_2_6","LIBXML_2_2_4","GNOME_PRINT_0_24","LIBXML_2_2_3","LIBXML_2_2_1","LIBXML_2_1_1","LIBXML_2_1_0","LIB_XML_1_X","EAZEL-NAUTILUS-MS-AUG07","LIBXML_2_0_0","LIBXML_TEST_2_0_0","LIBXML_1_8_6","LIBXML_1_8_5","LIB_XML_1_8_3","LIB_XML_1_7_3","LIB_XML_1_7_1","LIB_XML_1_7_0","LIB_XML_1_6_2","LIB_XML_1_6_1","LIBXML_1_5_0","LIB_XML_1_4","LIB_XML_1_3","LIB_XML_1_1","FOR_GNOME_0_99_1","LIBXML_0_99","GNUMERIC_FIRST_PUBLIC_RELEASE","GNOME_0_30"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40304.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/libxml2","events":[{"introduced":"0"},{"fixed":"f507d167f1755b7eaea09fb1a44d29aab828b6d1"},{"fixed":"1b41ec4e9433b05bb0376be4725804c54ef1d80b"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.10.3"}],"cpe":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"}}],"versions":["v2.10.2","v2.10.1","v2.10.0","v2.9.13","v2.9.12","v2.9.11","CVE-2021-3541","v2.9.10","v2.9.10-rc1","v2.9.9","v2.9.9-rc2","v2.9.9-rc1","v2.9.8","v2.9.8-rc1","v2.9.7","v2.9.7-rc1","v2.9.6","v2.9.6-rc1","v2.9.5","v2.9.5-rc2","v2.9.5-rc1","v2.9.4","CVE-2016-3627","CVE-2016-1833","CVE-2016-1835","CVE-2016-1837","CVE-2016-1836","CVE-2016-1839","CVE-2016-1838","CVE-2016-1840","CVE-2016-4449","CVE-2016-4483","CVE-2016-1834","CVE-2016-3705","v2.9.4-rc2","v2.9.4-rc1","CVE-2016-1762","v2.9.3","CVE-2015-8242","CVE-2015-7500","CVE-2015-7499-2","CVE-2015-7499-1","CVE-2015-5312","CVE-2015-7497","CVE-2015-7498","CVE-2015-8035","CVE-2015-7942-2","CVE-2015-7942","CVE-2015-8317","CVE-2015-1819","CVE-2015-7941_2","CVE-2015-7941_1","v2.9.2","CVE-2014-3660","v2.9.2-rc2","v2.9.2-rc1","CVE-2014-0191","v2.9.1","CVE-2013-2877","v2.9.0","v2.9.0-rc2","v2.8.0","v2.8.0-rc2","v2.8.0-rc1","v2.7.8","v2.7.7","v2.7.6","v2.7.5","v2.7.4","LIBXML2.7.3","LIBXML2.7.2","LIBXML2.7.1","LIBXML2.7.0","LIBXML2.6.32","LIBXML2_2_6_28","LIBXML2_2_6_27","LIBXML2_2_6_26","LIBXML2_2_6_24","LIBXML2_2_6_23","LIBXML2_2_6_22","LIBXML2_2_6_21","LIBXML2_2_6_20","LIBXML2_2_6_19","LIBXML2_2_6_18","LIBXML2_2_6_16","LIBXML2_2_6_15","LIBXML2_2_6_14","LIBXML2_2_6_13","LIBXML2_2_6_12","LIBXML2_2_6_11","LIBXML_2_6_10","LIBXML2_2_6_9","LIBXML2_2_6_8","LIBXML2_2_6_7","LIBXML2_2_6_6","LIBXML2_2_6_5","LIBXML2_2_6_4","LIBXML2_2_6_3","LIBXML2_2_6_2","LIBXML2_2_6_1","LIBXML2_6_0","LIBXML2_2_5_x","LIBXML2_2_5_10","LIBXML2_2_5_9","LIBXML2_2_5_8","LIBXML2_2_5_7","LIBXML_2_5_6","LIBXML_2_5_5","LIBXML_2_5_4","LIBXML_2_5_3","LIBXML_2_5_2","LIBXML_2_5_1","LIBXML2_2_5_0","LIBXML_2_4_30","LIBXML_2_4_29","LIBXML_2_4_27","LIBXML_2_4_26","LIBXML_2_4_25","LIBXML_2_4_24","LIBXML_2_4_23","LIBXML_2_4_22","LIBXML2_2_4_21","LIBXML_2_4_20","LIBXML_2_4_18","LIBXML_2_4_13","LIBXML_2_4_16","LIBXML_2_4_14","LIBXML_2_4_12","LIBXML_2_4_11","LIBXML_2_4_7","LIBXML_2_4_6","LIBXML_2_4_4","LIBXML_2_4_3","LIBXML_2_4_2","LIBXML_2_4_0","LIBXML_2_3_14","LIBXML_2_3_13","LIBXML_2_3_12","LIBXML_2_3_11","LIBXML_2_3_10","LIBXML_2_3_9","LIBXML_2_3_8","help","LIBXML_2_3_7","LIBXML_2_3_6","LIBXML_2_3_5","LIBXML_2_3_4","LIBXML_2_3_3","LIBXML_2_3_2","PRE_MUCKUP3","PRE_MUCKUP2","PRE_MUCKUP","LIBXML_2_3_0","LIBXML_2_2_8","LIBXML_2_2_7","LIBXML_2_2_6","LIBXML_2_2_4","GNOME_PRINT_0_24","LIBXML_2_2_3","LIBXML_2_2_1","LIBXML_2_1_1","LIBXML_2_1_0","LIB_XML_1_X","EAZEL-NAUTILUS-MS-AUG07","LIBXML_2_0_0","LIBXML_TEST_2_0_0","LIBXML_1_8_6","LIBXML_1_8_5","LIB_XML_1_8_3","LIB_XML_1_7_3","LIB_XML_1_7_1","LIB_XML_1_7_0","LIB_XML_1_6_2","LIB_XML_1_6_1","LIBXML_1_5_0","LIB_XML_1_4","LIB_XML_1_3","LIB_XML_1_1","FOR_GNOME_0_99_1","LIBXML_0_99","GNUMERIC_FIRST_PUBLIC_RELEASE","GNOME_0_30"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40304.json","vanir_signatures_modified":"2026-06-01T08:07:09Z","vanir_signatures":[{"signature_type":"Function","deprecated":false,"id":"CVE-2022-40304-24b12f12","signature_version":"v1","source":"https://gitlab.gnome.org/gnome/libxml2@1b41ec4e9433b05bb0376be4725804c54ef1d80b","digest":{"function_hash":"212469072739278288309289786806033539927","length":1518},"target":{"function":"xmlFreeEntity","file":"entities.c"}},{"signature_type":"Function","deprecated":false,"id":"CVE-2022-40304-b3ca4f64","signature_version":"v1","source":"https://gitlab.gnome.org/gnome/libxml2@1b41ec4e9433b05bb0376be4725804c54ef1d80b","digest":{"function_hash":"8557866305532818140713559980477253807","length":1174},"target":{"function":"xmlCreateEntity","file":"entities.c"}},{"signature_type":"Line","deprecated":false,"id":"CVE-2022-40304-c9063166","signature_version":"v1","source":"https://gitlab.gnome.org/gnome/libxml2@1b41ec4e9433b05bb0376be4725804c54ef1d80b","digest":{"threshold":0.9,"line_hashes":["190634309909365081572002964407253390679","20981680598902946597459201174086077651","135843228308911638673221580279593924552","271415920501539270409818771333293193896","186202718443874429665500032856239860646","32088003333689128658313958731218420663","44854604637128393226590259948466683756","83584544373375457504351447727436542090","22139364655739247051689193855732986544","208674971791359833230249325535172527155","266066056691113486615055456167162324174","313341472861122787965230127183017085052","127246761576932228108426114084403362830","78839942765528730925746383588030003090","236478687228405542599739329630909915056","245905885476591261846000206262995077905","337884462249140212206220716934032023572","200369385658860404298075823919733363331","34954884922395009518202216480267812096","77337070722703062369588001713270798945","242458885784932244582738195390255882943","81302689171149179324244108486628716980","221227936269076106976937737383859706862","263301782477819491026734216585822386774","302177671052737766655115027868189079618","201536121183659372662912577180426576551","188721642947628140206203838293447428215","138533467519930953247435247287428716584","108601975786066442389999829442449230000","231141905344525440643245490934281708454","124281652967162078265088719179719004604","296716198641811836580688440062790141425","106652085057826332825731245215327335082","84797466063776963283596362932182636183","305642424639555715981956811880573835991","326594552024490137922567897574735822816","120050400841177294112893518169352104865","163012958334194570575329210130758997215","62991651390362493403073226293187881788","156277527602119723146761073091882877465","258254701040536153668645260100060120855","46763122142022486641542133773457232365","275348114928367355877731400569713379273","267821946119455383337763212212522317663","143641219971710333464881101828664565438","187283542437493006705000548602924845765","321856565995081156862682941697761830569","36512508789285488580383488773230505393"]},"target":{"file":"entities.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}