View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2024-40896: 1 source package rows (libxml2); 33 state rows across 5 repos (3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 0, open 33.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.