CVE-2026-6653

ADVISORY - debian

Summary

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

libxml2 2.14.5+dfsg-0.1 https://www.openwall.com/lists/oss-security/2026/06/22/3 https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058 Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/463bbeeca1805b5c4828f50d0fefc4eebaf620df (v2.11.0) Mark 2.14.5+dfsg-0.1 as the first version fixed in unstable as from 2.12.7+dfsg-1 the version was reverted back to a 2.9.14 based one.

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Debian

CREATED

1 day ago

UPDATED

19 hours ago

ADVISORY IDCVE-2026-6653⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-6653⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium