CVE-2020-24977: Out-of-bounds Read

September 4, 2020 (updated October 20, 2021)

GNOME project libxml2 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

References

gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
gitlab.gnome.org/GNOME/libxml2/-/issues/178
nvd.nist.gov/vuln/detail/CVE-2020-24977

Code Behaviors & Features

Detect and mitigate CVE-2020-24977 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →