Source: libxml2.9
Version: 2.15.1+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for libxml2.

CVE-2026-0990[0]:
| A flaw was found in libxml2, an XML parsing library. This
| uncontrolled recursion vulnerability occurs in the
| xmlCatalogXMLResolveURI function when an XML catalog contains a
| delegate URI entry that references itself. A remote attacker could
| exploit this configuration-dependent issue by providing a specially
| crafted XML catalog, leading to infinite recursion and call stack
| exhaustion. This ultimately results in a segmentation fault, causing
| a Denial of Service (DoS) by crashing affected applications.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-0990
    https://www.cve.org/CVERecord?id=CVE-2026-0990
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
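The report above describes a catalog whose delegate entry points back at its own catalog, which sends the resolver into unbounded recursion. The following is an added example, not part of this bug report and not libxml2 code: a pre-load audit that parses OASIS XML catalog documents, follows the `catalog` attribute of `delegateURI`, `delegateSystem`, `delegatePublic` and `nextCatalog` entries, and reports any reference cycle, a self-reference included. Catalog locations, the example.org URIs and the catalog texts are constructed in memory so the check runs offline; nothing here reproduces the affected libxml2 code path.

```python
"""
Added example (not part of the Debian bug report or of libxml2): detect
reference cycles among XML catalogs before handing them to a resolver.
All catalog documents below are constructed for this example.
"""
import xml.etree.ElementTree as ET

CATALOG_NS = "urn:oasis:names:tc:entity:xmlns:xml:catalog"
# OASIS catalog elements whose 'catalog' attribute names another catalog.
REFERRING_ELEMENTS = ("delegateURI", "delegateSystem", "delegatePublic", "nextCatalog")


def catalog_references(xml_text):
    """Return the catalog locations that one catalog document refers to."""
    root = ET.fromstring(xml_text)
    refs = []
    for name in REFERRING_ELEMENTS:
        for el in root.iter("{%s}%s" % (CATALOG_NS, name)):
            target = el.get("catalog")
            if target:
                refs.append(target)
    return refs


def find_reference_cycles(catalogs):
    """
    catalogs: dict mapping a catalog location (the string used in 'catalog'
    attributes) to its XML text. Returns a list of cycles, each given as the
    list of locations from the first repeated catalog back to itself; a
    self-reference shows up as [loc, loc]. Targets that are not in the dict
    are treated as leaves (not loaded, so they cannot recurse here).
    """
    graph = {loc: catalog_references(text) for loc, text in catalogs.items()}
    cycles = []
    state = {}  # loc -> "active" while on the DFS stack, "done" afterwards

    def visit(loc, path):
        if state.get(loc) == "done":
            return
        if state.get(loc) == "active":
            # path already ends with loc; slice from its first occurrence
            cycles.append(path[path.index(loc):])
            return
        state[loc] = "active"
        for target in graph.get(loc, []):
            visit(target, path + [target])
        state[loc] = "done"

    for loc in graph:
        visit(loc, [loc])
    return cycles


# Constructed sample: a delegate entry that names its own catalog.
SELF_REFERENCING = {
    "catalog.xml": """<?xml version="1.0"?>
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <delegateURI uriStartString="http://example.org/schemas/"
               catalog="catalog.xml"/>
</catalog>""",
}

# Constructed sample: a delegate entry that points at a second, terminal catalog.
CLEAN = {
    "catalog.xml": """<?xml version="1.0"?>
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <delegateURI uriStartString="http://example.org/schemas/"
               catalog="schemas/catalog.xml"/>
</catalog>""",
    "schemas/catalog.xml": """<?xml version="1.0"?>
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <uri name="http://example.org/schemas/a.xsd" uri="a.xsd"/>
</catalog>""",
}


if __name__ == "__main__":
    for label, cats in (("self-referencing", SELF_REFERENCING), ("clean", CLEAN)):
        found = find_reference_cycles(cats)
        print(label, "cycles:", found if found else "none")
```

Run the audit over the catalogs an application is configured to load (XML_CATALOG_FILES or the distribution default) and refuse to start, or log loudly, when it returns a non-empty list; a catalog set with no reference cycle cannot drive a delegate-resolution loop regardless of the resolver's own recursion handling.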

