system/libxml2: xmlEncodeEntitiesInternal buffer overflow
| Bugzilla ID | 359 |
| Alias(es) | CVE-2020-24977 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-10-26 00:53:30 -0500 |
| Modified | 2020-10-26 00:53:30 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/libxml2 |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-24977 |
Description
CVE-2020-24977: https://nvd.nist.gov/vuln/detail/CVE-2020-24977
GNOME project libxml2 v2.9.10 and earlier have a global Buffer
Overflow vulnerability in xmlEncodeEntitiesInternal at
libxml2/entities.c. The issue has been fixed in commit 8e7c20a1
(20910-GITv2.9.10-103-g8e7c20a1).
Restricted to xmllint. Unreleased fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2