Description
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking.
By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame.
Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process.

This issue has been fixed in the commit c2e233fc.

NOTE:
The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.
Published: 2026-06-29
Score: 1.8 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the xmlcatalog utility of libxml2, triggered when the tool runs in --shell mode and processes overly long input lines. The unbounded input handling can corrupt stack buffers used for command, argument, and argv data, potentially causing the process to crash or executing arbitrary code in the context of the xmlcatalog process.

Affected Systems

Vendors: xmlsoft. Product: libxml2. No specific affected version information is provided; the issue was fixed in a recent commit (c2e233fc).

Risk and Exploitability

The CVSS score of 1.8 indicates low severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local: an attacker who can run xmlcatalog with the --shell option and supply crafted input may trigger the overflow. Successful exploitation could lead to code execution with the permissions of the xmlcatalog process, but the impact is limited to the local user context and is unlikely to be remotely exploitable without additional factors.

Generated by OpenCVE AI on June 29, 2026 at 14:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libxml2 to the version containing commit c2e233fc or later.
  • Avoid running xmlcatalog in --shell mode, or restrict the input length if shell mode is required.
  • Disable shell mode entirely if it is not needed for your use case.

Generated by OpenCVE AI on June 29, 2026 at 14:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Xmlsoft
Xmlsoft libxml2
Vendors & Products Xmlsoft
Xmlsoft libxml2

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame. Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process. This issue has been fixed in the commit c2e233fc. NOTE: The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.
Title Stack-Based Buffer Overflow in libxml2
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N'}

Subscriptions

Xmlsoft Libxml2
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-29T13:59:18.501Z

Reserved: 2026-06-11T13:20:24.839Z

Link: CVE-2026-11979

cve-icon Vulnrichment

Updated: 2026-06-29T13:59:14.692Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T18:00:05Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow