{"id":"PUB-A-261365944", "published":"2023-06-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-21180", "A-261365944"], "details":"In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/libxml2", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-06-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libxml2/+/38b5bb8f7920334ff401fa52fcd0f9a637edbce5"], "severity":"Moderate", "spl":"2023-06-01", "types":["ID"]}}, {"package":{"name":"platform/external/libxml2", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libxml2/+/b4dc99e0d65aa43a49ea6d013df74b92befae2f5"], "severity":"Moderate", "spl":"2023-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"324699216604893890309377003807061448503", "length":24456}, "id":"PUB-A-261365944-2c9f663a", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/b4dc99e0d65aa43a49ea6d013df74b92befae2f5", "target":{"file":"parser.c", "function":"xmlParseTryOrFinish"}}, {"deprecated":false, "digest":{"line_hashes":["208856863971331026147884905030716442874", "103608749345005064832320638616546625818", "25288558621577816815188423662288058706", "273913629889501712463499975284448977456"], "threshold":0.9}, "id":"PUB-A-261365944-6845944e", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/b4dc99e0d65aa43a49ea6d013df74b92befae2f5", "target":{"file":"parser.c"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-06-01"}]}