On 29/10/2019 14:30, Raphael de Carvalho Muniz wrote:
> I found in the commit history of Libxml2 (commit 9acef28) the presence of the following code snippet in the libxml.c file (Lines 1,597 - 1,612).
More specifically python/libxml.c which is part of the Python bindings.
> I believe that this commit presents a weakness: if format strings can be influenced by an attacker, they can be exploited.
libxml_buildMessage is only called from error handlers which should never receive format strings from an external source.
You can't just pick a function that calls printf with a variable format string and assume that it's vulnerable. It depends on how the function is called and which format strings it receives.
Nick
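
The distinction drawn in the reply above, as an added example that is not part of the original message or the libxml2 source: build_message, report_line and report_untrusted are hypothetical names, and the input string is constructed. The format attribute lets GCC or Clang check each call site, which is where the origin of the format string is decided.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a message builder that takes a variable
 * format string; not the libxml2 source. The GCC/Clang format attribute
 * makes the compiler check every call site against its format. */
__attribute__((format(printf, 1, 2)))
static char *build_message(const char *fmt, ...)
{
    va_list ap;
    char *buf = malloc(256);
    if (buf == NULL)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, 256, fmt, ap);   /* truncates and NUL-terminates */
    va_end(ap);
    return buf;
}

/* Call site 1: the format is a literal owned by the program. */
static char *report_line(int line)
{
    return build_message("parse error at line %d", line);
}

/* Call site 2: externally supplied text is passed as data via "%s". */
static char *report_untrusted(const char *text)
{
    return build_message("%s", text);
    /* The form to look for in an audit is build_message(text): with the
     * attribute in place, -Wformat-security reports that call site. */
}

int main(void)
{
    char *a = report_line(42);
    char *b = report_untrusted("attr %d%s"); /* constructed sample input */
    if (a == NULL || b == NULL)
        return 1;
    printf("%s\n%s\n", a, b);
    free(a);
    free(b);
    return 0;
}
```

Building with -Wall -Wformat-security turns the question "which format strings does it receive" into a per-call-site compiler diagnostic.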