Written in the C programming language and originally developed for the Gnome project, libxml2 is a software library for parsing XML documents.
Tracked as CVE-2022-40303 and CVE-2022-40304, the two vulnerabilities could lead to remote code execution. Apple has credited Google Project Zero security researchers for both issues.
“A remote user may be able to cause unexpected app termination or arbitrary code execution,” Apple notes for both security flaws.
The first of the flaws exists because the lack of specific limitations could lead to integer overflows. According to Apple, improved input validation resolved the issue.
