Bug 2494690 - CVE-2026-11979 mingw-libxml2: libxml2: Arbitrary code execution in xmlcatalog utility via buffer overflow [epel-all]
Summary: CVE-2026-11979 mingw-libxml2: libxml2: Arbitrary code execution in xmlcatalog...
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: mingw-libxml2
Version: epel10
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Richard W.M. Jones
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["0fb04d31-b419-4aff-96c6-b...
Depends On:
Blocks: CVE-2026-11979
TreeView+ depends on / blocked
 
Reported: 2026-06-29 21:04 UTC by Jon Moroney
Modified: 2026-06-29 21:04 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Jon Moroney 2026-06-29 21:04:56 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking.
By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame.
Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process.

This issue has been fixed in the commit c2e233fc.

NOTE:
The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.


Note You need to log in before you can comment on or make changes to this bug.