CVE-2026-11979
Received - Intake

Stack-Based Buffer Overflow in libxml2 xmlcatalog


Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: CERT.PL

Description

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame. Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process. This issue has been fixed in the commit c2e233fc. NOTE: The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.
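As an added illustration (not libxml2's code and not the change made in c2e233fc), the sketch below shows length-checked parsing of one shell input line into the three buffers the description names. The buffer sizes, the struct and the function name are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical sizes and names for this sketch; not libxml2's. */
#define CMD_LEN  32
#define ARG_LEN  128
#define ARGV_MAX 8

struct shell_line {
    char  command[CMD_LEN];
    char  arg[ARG_LEN];      /* rest of the line; argv[] points into it */
    char *argv[ARGV_MAX];
    int   argc;
};

/* Returns 0 on success, -1 if any buffer would overflow. Nothing is
 * truncated silently: an over-long line is rejected as a whole. */
int parse_shell_line(const char *line, struct shell_line *out)
{
    size_t n;

    memset(out, 0, sizeof(*out));      /* also guarantees NUL termination */
    line += strspn(line, " \t");

    /* command: first token, length checked before the copy */
    n = strcspn(line, " \t\r\n");
    if (n >= sizeof(out->command)) return -1;
    memcpy(out->command, line, n);
    line += n;
    line += strspn(line, " \t");

    /* arg: remainder of the line without the trailing newline */
    n = strcspn(line, "\r\n");
    if (n >= sizeof(out->arg)) return -1;
    memcpy(out->arg, line, n);

    /* argv: split arg in place, refusing more than ARGV_MAX tokens */
    for (char *p = out->arg; *p != '\0'; ) {
        p += strspn(p, " \t");
        if (*p == '\0') break;
        if (out->argc == ARGV_MAX) return -1;
        out->argv[out->argc++] = p;
        p += strcspn(p, " \t");
        if (*p != '\0') *p++ = '\0';
    }
    return 0;
}
```

Each of the three limits is checked before the write it guards, so an overly long line or too many tokens yields an error return instead of a write past the end of a stack buffer.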

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-29
AI Q&A: 2026-06-29
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor | Product | Version / Range
gnome | libxml2 | to c2e233fc (inc)

CWE

CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Executive Summary

CVE-2026-11979 is a stack-based buffer overflow vulnerability in the libxml2 software, specifically in the xmlcatalog utility when run in --shell mode.

The vulnerability occurs because the usershell() function processes user input using fixed-size stack buffers without proper bounds checking.

An attacker can exploit this by supplying an overly long input line, which causes buffer overflows in internal buffers (command, arg, and argv) during input parsing, leading to memory corruption within the stack frame.

Successful exploitation may cause the xmlcatalog process to crash or potentially allow arbitrary code execution within its context.

Impact Analysis

This vulnerability can impact you by causing the xmlcatalog utility to crash, which may disrupt normal operations.

More seriously, it may allow an attacker to execute arbitrary code within the context of the xmlcatalog process, potentially leading to unauthorized actions or system compromise.

Detection Guidance

This vulnerability affects the xmlcatalog utility when run in --shell mode and involves processing user input with fixed-size stack buffers without proper bounds checking.

Detection can involve monitoring for crashes or abnormal behavior of the xmlcatalog process when it is executed with the --shell option.

Since the vulnerability is triggered by overly long input lines causing buffer overflows, one approach is to test the xmlcatalog utility by providing long input strings in --shell mode to see if it crashes or behaves unexpectedly.

Specific commands to detect the vulnerability are not provided in the available resources.

Mitigation Strategies

The vulnerability has been fixed in the commit c2e233fc.

Immediate mitigation steps include updating libxml2 to a version that includes this fix.

Until the update is applied, avoid running the xmlcatalog utility in --shell mode or restrict access to it to prevent exploitation.
