CNNVD-202601-2642 Information
CNNVD ID
CNNVD-202601-2642
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成,并且能为多种语言所调用,例如C语言,C++,XSH。 libxml2存在安全漏洞,该漏洞源于RelaxNG解析器在处理外部模式包含时未对包含深度进行限制,可能导致解析特制或过于复杂的模式时造成堆栈耗尽和应用程序崩溃。
Description (English)
libxml2 is a function library for the analysis of XML documents from an open source of GNOME. It is written in C and can be called in many languages, such as C, C++, XSH. There is a security loophole in libxml2, which stems from the fact that the RelaxNG solver does not limit the depth of the external mode when it is handled, which may result in stack depletion and application collapse when the ad hoc or overly complex mode is analysed.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
GNOME
Published
2026-01-15
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933
Patch
https://gitlab.gnome.org/GNOME/libxml2/-/releases
Share on: