CVE-2026-6653
ADVISORY - debian
Summary
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.
- libxml2 2.14.5+dfsg-0.1
- https://www.openwall.com/lists/oss-security/2026/06/22/3
- https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058
- Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/463bbeeca1805b5c4828f50d0fefc4eebaf620df (v2.11.0)
- Mark 2.14.5+dfsg-0.1 as the first version fixed in unstable as from 2.12.7+dfsg-1 the version was reverted back to a 2.9.14 based one.
Common Weakness Enumeration (CWE)