4 matches found

ATTACKERKB
added 2026/02/06 4:42 p.m. | 5 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | AI score 5.4 | EPSS 0.00074
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/02/06 4:42 p.m. | 30 views

CVE-2026-23739 Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | EPSS 0.00074
Exploits 0 | References 1
OSV
added 2025/05/23 1:59 p.m. | 3 views

OESA-2025-1538 libxml2 security update

This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 7.5 | AI score 6.9 | EPSS 0.00034
Exploits 1 | References 2
ossfuzz
added 2018/09/12 1:53 a.m. | 18 views

libxml2/libxml2_xml_read_memory_fuzzer: Heap-use-after-free in xmlSAX2AttributeNs

Project: https://gitlab.gnome.org/GNOME/libxml2.git
Detailed report: https://oss-fuzz.com/testcase?key=5721921484750848
Project: libxml2
Fuzzer: libFuzzer_libxml2_xml_read_memory_fuzzer
Fuzz target binary: libxml2_xml_read_memory_fuzzer
Job Type: libfuzzer_asan_libxml2
Platform Id: linux
Crash Type:...

AI score 6.8
Exploits 0 | Affected Software 1