INFBA-2025:6597: libxml2 security update
Information about definition
Identifier: INFBA-2025:6597
Type: bugfix
Release date: 2025-07-25 10:23:46 UTC
Information about package
libxml2 is a software library written in C for parsing and manipulating Extensible Markup Language (XML) documents. It's a core component of the GNOME project, but can be used independently in other software projects. libxml2 provides functionalities for reading, creating, and modifying XML data, and also supports standards like XML, Namespaces, XPath, and XPointer.
Vulnerabilities description
- CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
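The affected ranges above can be turned into a check for upstream libxml2 builds and vendored copies. This is an added example, not part of the advisory or of libxml2; the function names and the sample inventory are constructed for illustration, and it assumes the version string is the upstream one (distribution packages may carry backported fixes, so for those compare against the advisory's updated packages instead).

```python
import re

# First fixed micro release per affected branch, taken from the CVE text:
# 2.11 before 2.11.9, 2.12 before 2.12.9, 2.13 before 2.13.3.
FIRST_FIXED = {(2, 11): 9, (2, 12): 9, (2, 13): 3}


def parse_version(raw):
    """Parse a dotted version ('2.12.7') or the numeric LIBXML_VERSION
    form ('21207' = major*10000 + minor*100 + micro)."""
    raw = raw.strip()
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if m:
        return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    m = re.match(r"^(\d{5,6})\b", raw)
    if m:
        n = int(m.group(1))
        return n // 10000, (n // 100) % 100, n % 100
    raise ValueError(f"unrecognised libxml2 version string: {raw!r}")


def classify(raw):
    """Return 'affected', 'fixed', or 'not-listed' for CVE-2024-40896.

    'not-listed' means the branch is outside the ranges the CVE text names;
    it is not a statement that the build is safe."""
    major, minor, micro = parse_version(raw)
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        return "not-listed"
    return "affected" if micro < fixed else "fixed"


def audit(inventory):
    """Map each host/component name to its classification."""
    return {name: classify(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical component names).
    sample = {
        "build-agent": "2.12.7",
        "vendored-copy": "21302",
        "api-gateway": "2.13.3",
        "legacy-tool": "2.9.14",
    }
    for name, status in audit(sample).items():
        print(f"{name}: {status}")
```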
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2024-40896 | no information | 9.1 | no information |
Updated packages